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[57] ABSTRACT 

A disk drive controller having a plurality of disk drive 
interfaces, each interface includes a connector, a delay 
circuit, and a set of power application circuits is provided to 
a server to support hot docking of SCA drives. Each con- 
nector is adapted to mate with a hot docking disk drive 
having equal length connecting pins, and detect the presence 
of such disk drive when the hot docking disk drive makes 
contact with the connector. Each delay circuit generates a set 
of properly delayed enabling signals to the corresponding 
power application circuits. Each set of power application 
circuits regulates power applications to the hot docking disk 
drive making contact with the corresponding connector. Hie 
delayed and regulated manner of applying power prevents 
voltage and power swings that might disrupt on-going 
operations and/or cause damages to the neighboring drives. 

24 Claims, 6 Drawing Sheets 
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CIRCUITRY FOR CONTROLLING POWER 
APPLICATION TO A HOT DOCKING SCSI 
SCA DISK DRIVE 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 
The present invention relates to the fields of disk drives 

and computer systems. In particular, the present invention 
relates to controlling power application when hot docking a H> 
Small Computer System Interface (SCSI) Single Connector 
Attachment (SCA) disk drive. 

2. Background Information 

As more and more microprocessor based servers are 
employed in various critical or sensitive business or scien- 
tific applications, the expectation of their reliability and 
availability increases in tandem. A particular aspect that is of 
increasing interest is the availability and reliability of the 
server's disk drives. In today* s servers, it is not uncommon 2(J 
to find a not insignificant number of disk drives storing many 
gigabytes of data. As a result, hot swappable or hot dockable 
disk drives have emerged as a high priority feature. 

Hot swapping or hot docking refers to the ability to 
remove a malfunctioning disk drive from the server and 2 $ 
reinsert a properly functioning disk drive into the server 
without having to halt and/or otherwise shut the server 
down. Excessive power and voltage swings must be pre- 
vented when removing the malfunctioning disk drive and 
reinserting the replacement drive, to prevent disruption to 30 
operations and/or physical damages to the neighboring 
drives. The conventional approach is to employ disk drives 
having connecting pins that are of uneven lengths. More 
specifically, special 5 v and 12 v pins having lengths that are 
longer than associated pins are used to make preliminary 35 
electrical contacts with the power supply of the server, 
thereby stabilizing the power and voltage of the server, 
before the shorter operational pins would make full electri- 
cal contact with the power supply of the server. 

An SCA drive by definition has equal length connecting 40 
pins. Thus, traditionally SCA drives are not considered to be 
hot swappable or hot dockable. Since SCA drives, due to 
other reasons, are a lot more economical than most of the hot 
dockable drives employed today, it is desirable to be able to 
hot dock SCA drives. 45 

As will be disclosed in more detail below, the circuitry of 
the present invention controls power application to a hot 
docking SCA disk drive, thereby allowing the SCA disk 
drive to be hot dockable. These and other advantages will be 
evident to those skilled in art from the detailed descriptions 50 
to follow. 

SUMMARY AND OBJECTS OF THE 
INVENTION 

55 

The desirable results are advantageously achieved by 
providing a disk drive controller having a plurality of disk 
drive interfaces, each interface includes a connector, a delay 
circuit and a set of power application circuits. Each connec- 
tor is adapted to mate with a docking disk drive having equal 60 
length connecting pins, and to report the presence of such 
disk drive making contact with the connector. The delay 
circuit is used to generate a set of properly delayed enabling 
signals to allow time for the connector to go from partial 
engagement to full engagement. The delayed enabling sig- 65 
nals are generated responsive to the reported disk drive 
presence. Each set of power application circuits are used to 



2 

apply power to the docking disk drive making contact with 
the corresponding connectors, in a regulated manner, to 
prevent in rush of current due to changing loads. The power 
is applied responsive to the delayed enabling signals. The 
delayed and regulated manner of applying power prevents 
voltage and power swings that might disrupt on-going 
operations and/or cause damages to the neighboring drives. 

In one embodiment, the delay circuit comprises primarily 
a delay timer coupled to the corresponding connector and a 
power supply, and a flip flop serially coupled to delay timer. 
In one variation of this embodiment, the delay circuit further 
comprises a number of Boolean gates complementing the 
delay timer and the flip flop for factoring the fault state of the 
corresponding drive in generating the set of properly 
delayed enabling signals. In an alternate embodiment, a 
micro-controller is employed to generate the set of properly 
delayed enabling signals for the various sets of power 
application circuits. 

In one embodiment, each set of power application circuits 
includes a rwimary power application circuit for applying 
power to the docking disk drive making contact with the 
corresponding connector via a +12 v line, and a secondary 
power application circuit for applying power to the same 
corresponding connector via a +5 v line. Both power appli- 
cation circuits are equipped with the ability to apply the 
power in a gradual manner. In a particular variation of this 
embodiment, the primary and secondary power application 
circuits are similarly constituted. Each circuit comprises 
primarily of a gate coupled to the power input and a FET 
transistor serially coupled to the gate. Preferably, each 
power application circuit is further provided with another 
parallel connection to the FET transistor to serve as a 
by-pass to compensate for the step load requirement of the 
docking disk drive. 

BRIEF DESCRIPTION OF DRAWINGS 

The present invention will be described by way of exem- 
plary embodiments but not limitations illustrated in the 
accompanying drawings in which like references denote 
similar elements, and in which: 

FIG. 1 illustrates an exemplary server incorporating the 
teachings of the present invention; 

FIG. 2 illustrates the relevant portions of one embodiment 
of the disk drive controller of the present invention 
employed by the exemplary server of FIG. 1; 

FIG. 3 illustrates one embodiment of one of the disk drive 
interfaces of FIG. 2 in further detail; 

FIG. 4 illustrates one embodiment of the delay circuitry of 
FIG. 3 in further detail; 

FIGS. 5-6 illustrate one embodiment each of the primary 
and secondary power application circuitry of FIG. 3 in 
further detail; 

FIG. 7 illustrates the relevant portions of an alternate 
embodiment of the disk drive controller of the present 
invention employed by the exemplary server of FIG. 1. 

DETAILED DESCRIPTION OF THE 
INVENTION 

In the following description, for purposes of explanation, 
specific numbers, materials and configurations are set forth 
in order to provide a thorough understanding of the present 
invention. However, it will be apparent to one skilled in the 
art that the present invention may be practiced without the 
specific details. In other instances, well known systems are 
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shown in diagrammatic or block diagram form in order not 
to obscure the present invention. 

Referring now to FIG. I, a block diagram illustrating an 
exemplary computer server incorporating the teachings of 
the present invention. The computer server 10 comprises 5 
processor 12, cache memory 14, main memory 16, and 
memory controller 18 coupled to each other via a processor 
bus 26. The computer server 10 further comprises bus 
controller 20, disk drives 22 and network interfaces 24 
coupled to each other via input/output (I/O) bus 28. Memory 10 
and bus controllers 18 and 20 are also coupled to each other. 
The disk drives 22 are SCA drives and include a SCA disk 
drive controller incorporated with the teachings of the 
present invention, enabling the SCA disk drives 22 to be hot 
dockable. 15 

Before describing the present invention in further detail, 
it should be noted that while the present invention is being 
described in the context of the above described exemplary 
computer server 10, the present invention may be practiced 
in computer servers having different system architectures. In 20 
fact, based on the descriptions to follow, it will be appreci- 
ated that the present invention may also be practiced on 
desktop computers, notebook computers and the like. 

Referring now to FIG. 2, which illustrates the relevant 
portions of one embodiment of the SCA disk controller 30 
in further detail. Disk drive controller 30 includes disk drive 
interfaces 32a-32* incorporated with the teachings of the 
present invention. Disk drive interfaces 32a-32* are iden- 
tical interfaces serially coupled to each other and receiving 
power supply via a set of various voltage lines. For the 
illustrated embodiment, disk drive interfaces 32a-32* fur- 
ther receive drive fault states (DRTVE_FLT [0:n]) as inputs. 
Drive fault states denote whether faults are detected by the 
server 10 for the various disk drives 22; and they are set and 
reset by the server 10. 

In one embodiment, disk drive controller 30 includes 
eight (8) such disk drive interfaces 32a-32h. All eight 
interfaces 32a-32/j receive a primary power input via a +12 
v line and a secondary power input via a +5 v line. In this ^ 
embodiment, all eight interfaces 32a-32/i also receive their 
corresponding fault states (DRJVE_FLT [0:8]) as inputs. 

Referring now to FIG. 3, one embodiment of first disk 
drive interface 32a is illustrated in further detail. As illus- 
trated, first disk drive interface 32a comprises a connector 45 
36a, delay circuit 38a and a set of power application circuits 
40a-42a. For the illustrated embodiment, the set of power 
application circuits 40a-42a includes a primary power 
application circuit 40a and a secondary power application 
circuit 42a. 50 

Connector 36a is adapted to mate with a docking disk 
drive having equal length connecting pins, and detect the 
presence of such disk drive (DRIVE_PRES__0) when the 
disk drive makes contact with the connector 36a. Delay 
circuit 38a generates the properly delayed enabling signals 55 
(FWR_EN_0) for the power application circuits 40a-42a, 
allowing time for the connector 36a to go from initial partial 
engagement to full engagement. Enabling signal PWR_ 
EN_0 is generated responsive to the detection signal 
(DR1VE_PRES_0) factoring in the drive's fault state 60 
(DRTVE__FLT_0) . Primary and secondary power applica- 
tion circuits 40a-42a are used to regulate a first and a second 
power application to connector 36a via a +12 v and a +5 v 
line, preventing in rush of currents as a result of changing 
load. Both primary and secondary power are applied gradu- 65 
ally responsive to properly delayed enabling signals PWR_ 
EN_0. 



25 



30 



35 



The amount of time delays required to allow the connec- 
tor 36a to go from partial engagement to full engagement is 
dependent on the physical characteristics of the disk driver 
carrier. In one embodiment, the required delay time is about 
X A sec. The rate of power application is dependent on the 
frequency responsiveness of the power supplies. In one 
embodiment, the rate of power application is about 500 usee. 
The delayed and regulated manner of applying power pre- 
vent power and voltage swings that might interrupt on going 
operations or cause damages to the neighboring disk drives. 

Referring now to FIG. 4, which illustrates one embodi- 
ment of delay circuit 38a in further details. As illustrated, 
delay circuit 38a primarily comprises of a delay timer 52a 
coupled to the corresponding connector and a power supply, 
and a flip flop 58a serially couple to the delay timer 52a. 
More specifically, the discharge and threshold terminals of 
delay timer 52a is coupled to the power supply of the +5 v 
line via resistors R4 and R5, and the trigger terminal of delay 
timer 52a is coupled to the corresponding connector. Flip 
flop 58a is serially coupled to the output tenninal of delay 
timer 52a Additionally, for the illustrated embodiment, 
AND gate 54a and NOR gate 56a are provided to comple- 
ment delay timer 52a and flip flop 58a to allow the drive's 
fault state to be factored in the generation of the properly 
delayed enabling signal (PWR_EN_0). 

Delay circuit 38a outputs active PWR_EN_0 upon 
receiving the complement of DRIVE__PRES_0 denoting 
the presence of the corresponding drive, applying proper 
amount of delay and ensuring the fault state (DRIVE_JFLT_ 
0) of the corresponding drive has been reset by the server. 
The various resistor and capacitor values are empirically 
detennined. In one embodiment, the values of R4 and R5 are 
2M and 1M ohms respectively. 

Referring now to FIGS. 5-6, which illustrate one embodi- 
ment each of primary and secondary power application 
circuits 40a-42a in further details. As illustrated, primary 
and secondary power application circuits 40a-42a are simi- 
larly constituted. Each circuit 40a or 42a comprises prima- 
rily of gate 44a or 48a coupled to the power supply via either 
the +12 v or the +5 v line, and FET transistor 46a or 50a 
serially coupled to gate 44a or 48a. More specifically, the 
output terminal of gate 44a or 48a is serially coupled to the 
gate input terminal of FET transistor 46a or 50a through 
resistor Rl or R2. Preferably, each circuit 40a or 42a further 
includes another parallel connection between the power 
supply on the +12 v or +5 v line and FET transistor 46a or 
50a having C2 and C4 coupled to ground as shown. More 
specifically, the parallel connections are between the power 
supply of the +12 v and +5 v lines and the drains of FET 
transistors 46a and 50a respectively. 

Gate 44a or 48a prevents the power supplied via the +12 
v or +5 v to be applied, unless the properly delayed enabling 
signal (PWR_EN_0) is active. If PWR_EN_0 is active, 
power supplied via the +12 v and +5 v lines are applied 
through FET transistors 46a and 50a respectively. However, 
because of Rl and CI, and R2 and C3, the power from the 
+12 v and +5 v lines are applied gradually. The parallel 
connections (induding C2 and C4) serve as by-passes to the 
FET transistors 46a and 50a for compensating the step load 
requirement of the disk drive. 

The values for Rl, R2, and C1-C4 are empirically deter- 
mined. In one embodiment, the values of Rl and R2 are 1M 
ohms and 300K ohms respectively, whereas the values of 
C1-C4 are all 0.01 uF. 

Referring now to FIG. 7, an alternate embodiment of disk 
drive controller 30' is illustrated. Disk drive controller 30' 
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similarly comprises disk drive interfaces 32a -32*'. How- 
ever, in lieu of providing a delay circuit to each of the disk 
drive interfaces 32a'-32*', micro-controller 34 is provided 
instead. DRIVE_PRES [0:n] and DRIVE JLT [0:n] are all 
routed to micro-controller 34. In response, micro-controller 5 
34 generates PWR_EN [0:n] as described earlier. 

Thus, a circuit for controlling power application to a hot 
docking SCSI SCA disk drive is described While the circuit 
of the present invention has been described in terms of the 
illustrated embodiments, those skilled in the art will recog- 10 
nize that the invention is not limited to the embodiments 
described. The present invention can be practiced with 
modification and alteration within the spirit and scope of the 
appended claims. The description is thus to be regarded as 
illustrative instead of restrictive on the present invention. 15 

What is claimed is: 

1. A disk drive interface comprising: 

a) a connector interface for mating with a hot docking disk 
drive having equal length connecting pins and detecting 
the hot docking disk drive's presence when the hot 
docking disk drive's equal length connecting pins make 
contact with the connector interface; and 

b) a first power application circuit coupled to the connec- 
tor interface for applying a first power in a time delayed 
and gradual manner to the hot docking disk drive 
making contact with the connector interface, the first 
power being applied in the time delayed and gradual 
manner in response to receiving a first time delayed 
enabling signal which is provided to the first power 
application circuit as a result the connector interface 
detecting the presence of the hot docking disk drive. 

2. The disk drive interface as set forth in claim 1 wherein 
the first power application circuit applies power supply from 
a +12 v line in the time delayed and gradual manner to the 
hot docking disk drive making contact with the connector 
interface. 

3. The disk drive interface as set forth in claim 1 wherein 
the disk drive interface further comprises 

c) a delay circuit coupled to the connector interface and 
the first power application circuit for receiving a detec- 
tion signal denoting the presence of the hot docking 
disk drive from the connector interface, and in 
response, delaying for a predetermined amount of time, 
and then providing the first properly time delayed 
enabling signal to the first power application circuit. 

4. The disk drive interface as set forth in claim 1 wherein 
the disk drive interface further comprises 

c) a second power application circuit coupled to the 
connector interface for applying a second power in a 50 
time delayed and gradual manner to the hot docking 
disk drive making contact with the connector interface, 
the second power being applied in the time delayed 
manner in response to receiving a second time delayed 
enabling signal which is provided to the second power 55 
application circuit as a result the connector interface 
detecting the presence of the hot docking disk drive. 

5. The disk drive interface as set forth in claim 1 wherein 
the disk drive interface further comprises: 

d) a delay circuit coupled to the connector interface, the 60 
first and the second power application circuits for 
receiving a detection signal denoting the presence of 
the hot docking disk drive from the connector interface, 
and in response, delaying for a predetermined amount 

of time, and then providing the first and the second 65 
properly time delayed enabling signals to the first and 
the second power application circuits respectively. 
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6. The disk drive interface as set forth in claim 3 wherein 
the delay circuit further factors into consideration a fault 
state of the hot docking disk drive in providing the first 
properly time delayed enabling signal. 

7. The disk drive interface as set forth in claim 4 wherein 
the second power application circuit applies power supply 
from a +5 v line in a time delayed and gradual manner to the 
hot docking disk drive making contact with the connector 
interface. 

8. The disk drive interface as set forth in claim 5 wherein 
the delay circuit further factors into consideration a fault 
state of the hot docking disk drive in providing the first and 
the second properly time delayed enabling signals. 

9. A disk drive controller comprising: 

a) a plurality of disk drive interfaces, each disk drive 
interface having 

a.l) a connector interface for mating with a hot docking 
disk drive having equal length connecting pins and 
detecting the hot docking disk drive's presence when 
the hot docking disk drive's equal length connecting 
pins make contact with the connector interface, and 

a.2) a first power application circuit coupled to the 
connector interface for applying a first power in a 
time delayed and gradual manner to the hot docking 
disk drive making contact with the connector inter- 
face, the first power being applied in the time 
delayed and gradual manner in response to receiving 
a first time delayed enabling signal which is provided 
to the first power application circuit as a result the 
connector interface detecting the presence of the hot 
docking disk drive. 

10. The disk drive controller as set forth in claim 9 
wherein each disk drive interface further comprises: 

a.3) a delay circuit coupled to the connector interface 
and the first power application circuit for receiving a 
detection signal denoting the presence of the hot 
docking disk drive from the connector interface, and 
in response, delaying for a predetermined amount of 
time, and then providing the first properly time 
delayed enabling signal to the first power application 
circuit. 

11. The disk drive controller as set forth in claim 9 
wherein each disk drive interface further comprises 

a.3) a second power application circuit coupled to the 
connector interface for applying a second power in a 
time delayed and gradual manner to the hot docking 
disk drive making contact with the connector inter- 
face, the second power being applied in the time 
delayed manner in response to receiving a second 
time delayed enabling signal provided as a result the 
connector interface detecting the presence of the hot 
docking disk drive. 

12. The disk drive controller as set forth in claim 9, 
wherein the disk drive controller further comprises: 

b) a microcontroller coupled to the plurality of disk drive 
interfaces for receiving a signal denoting presence of a 
disk drive at the connector interface from each of the 
disk drive interface, and in response, delaying for a 
predetermined amount of time, and providing each of 
the disk drive interfaces with a first properly time 
delayed enabling signal. 

13. The disk drive controller as set forth in claim 11 
wherein each disk drive interface further comprises: 

a. 4) a delay circuit coupled to the connector interface, 
the first and the second power application circuits for 
receiving a detection signal denoting the presence of 
the hot docking disk drive from the connector inter- 
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face, and in response, delaying for a predetermined 
amount of time, and then providing the first and the 
second properly time delayed enabling signals to the 
first and the second power application circuits 
respectively. 5 

14. The disk drive controller as set forth in claim 12 
wherein the microcontroller further receives a fault slate of 
the docked disk drive for each disk drive interface, and 
factors the fault state into providing the corresponding first 
properly time delayed enabling signal. 10 

15. The disk drive controller as set forth in claim 12 
wherein each disk drive controller further comprises 

c) a second power application circuit coupled to the 
connector interface for applying a second power in a 
time delayed and gradual manner to the hot docking 15 
disk drive making contact with the connector interface, 
the second power being applied in the time delayed 
manner in response to receiving a second time delayed 
enabling signal which is provided to the second power 
application circuit as a result the connector interface 20 
detecting the presence of the hot docking disk drive. 

16. The disk drive controller as set forth in claim 15 
wherein the microcontroller further receives a fault state of 
the docked disk drive for each disk drive interface, and 
factors the fault state into providing the corresponding first 25 
and second properly time delayed enabling signals. 

17. A computer system comprising: 

a) a plurality of disk drives; and 

b) a disk drive controller adapted for hot docking the disk 3Q 
drives, induding 

b.l) a plurality of disk drive interfaces, each disk drive 
interface having 

b.1.1) a connector interface for mating with a hot 
docking disk drive having equal length connecting 35 
pins and detecting the hot docking disk drive's 
presence when the hot docking disk drive's equal 
length connecting pins make contact with the 
connector interface, and 

b.1.2) a first power application circuit coupled to the ^ 
connector interface for applying a first power in a 
time delayed and gradual manner to the hot dock- 
ing disk drive making contact with the connector 
interface, the first power being applied in the time 
delayed and gradual manner in response to recei v- 45 
ing a first time delayed enabling signal which is 
provided to the first power application circuit as a 
result the connector interface detecting the pres- 
ence of the hot docking disk drive. 

18. The computer system as set forth in claim 17 wherein 5Q 
each disk drive interface further comprises: 

b.l. 3) a delay circuit coupled to the connector inter- 
face and the first power application circuit for 
receiving a detection signal denoting the presence 
of the hot docking disk drive from the connector 3J 
interface, and in response, delaying for a prede- 
terrnined amount of time, and then providing the 
first properly time delayed enabling signal to the 
first power application circuit. 
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19. The computer system as set forth in claim 17 wherein 
each disk drive interface further comprises 

b.L3) a second power application circuit coupled to 
the connector interface for applying a second 
power in a time delayed and gradual manner to the 
hot docking disk drive making contact with the 
connector interface, the second power being 
applied in the time delayed and gradual manner in 
response to receiving a second time delayed 
enabling signal which is provided to the second 
power application circuit as a result the connector 
interface detecting the presence of the hot docking 
disk drive. 

20. The computer system as set forth in claim 17, wherein 
the disk drive controller further comprises: 

b.2) a microcontroller coupled to the plurality of disk 
drive interfaces for receiving a signal denoting pres- 
ence of a disk drive at the connector interface from 
each of the disk drive interface, and in response, 
delaying for a predetermined amount of time, and 
providing each of the disk drive interfaces with a first 
properly time delayed enabling signal. 

21. The computer system as set forth in claim 17 wherein 
each disk drive interface further comprises 

b.l. 3) a second power application circuit coupled to 
the connector interface for applying a second 
power in a time delayed and gradual manner to the 
hot docking disk drive making contact with the 
connector interface, the second power being 
applied in the time delayed and gradual manner in 
response to receiving a second time delayed 
enabling signal which is provided to the second 
power application circuit as a result the connector 
interface detecting the presence of the hot docking 
disk drive. 

22. The computer system as set forth in claim 19 wherein 
each disk drive interface further comprises: 

b.l. 4) a delay circuit coupled to the connector inter- 
face, the first and the second power application 
circuits for receiving a detection signal denoting 
the presence of the hot docking disk drive from the 
connector interface, and in response, delaying for 
a predetermined amount of time, and then provid- 
ing the first and the second properly time delayed 
enabling signals to the first and the second power 
application circuits respectively. 

23. The computer system as set forth in claim 20 wherein 
the microcontroller further receives a fault state of the 
docked disk drive for each disk drive interface, and factors 
the fault state into providing the corresponding first properly 
time delayed enabling signal. 

24. The computer system as set forth in claim 21 wherein 
the microcontroller further receives a fault state of the 
docked disk drive for each disk drive interface, and factors 
the fault state into providing the corresponding first and 
second properly time delayed enabling signals. 

+ * + * * 
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ABSTRACT 



A system tracks the amount of time a computer system has 
operated, after its delivery to a new user. The system 
includes a terminate and stay resident (TSR) program which 
is loaded each time the computer is booted. The program 
counts system timer ticks and, at predetermined intervals but 
only when the operating system is idle, logs the amount of 
time counted in a log file located on the computer's local 
bard drive. 

4 Claims, 6 Drawing Sheets 
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SYSTEM FOR TRACKING COMPUTER FIG. 2 is a simplified block diagram of a computer 

USAGE TIME system, into which the present invention may be incorpo- 
rated. 

BACKGROUND OF THE INVENTION FIGS, 3A and 3B arc flowcharts describing the operation 

1. Field of the Invention 5 of me FGfe™ 1 embodiment's Initialize function, FIG. 3 
rp. * . ^ w , ^ , _ . . - shows the relationship between FIGS. 3A and 3B 

This invention relates to systems for tracking the amount ™, A . A * 

of time a computer has been operating. More specifically, *? G * * 15 a flowchart describing the operation of the 

this invention relates to background executing programs that erred embodiment s DosTlmer function, 

track the amount of time a computer has operated after it has 10 5 is a flowchart describing the operation of the 

been delivered to a new user. preferred embodiment* s Dosldle function* 

2. Description of Related Art DETAILED DESCRIPTION OF THE 
Computer sellers are sometimes asked to accept returned PREFERRED EMBODIMENT 

computer systems. Because the seller has no way of know- CTn , «i lwfrntoe on , , . - A . A 

kghowmuchmectherwisenewsystemhasbeenuse^itis 15 ^\l^r^LTJ^^ ^mputer system 10 into 

often forced to resell the compute/as a used system, which 1^ ^ ? Z ™ T h ^^^ly incorporated 
ofcourse commands atoJJto Were there L£m££ 

of tracking the amount of time that a new computer system ™ 55* ^ *f 

has been operated before its return, the selleTcould resell ^J^^JTE?* ™> ***** 

returned systems that were used infrequently or not at all for 20 £"^1^ 

a much hieher price computer system 10. The flexible disk drive 16 permits 

, y ' a user to transfer software and data to and from the computer 

There is thus a need for a method or system for tracking system 10. The computer system 10 may advantageously 

the amount of time a new computer system has been other peripheral devices, such as, for example, a 

operated, after it has been delivered to a new user. ^ printer (not shown). 

SUMMARY OF THE INVENTION ^ 2 is *!^ y s *°P mGd block ^gram of the com- 
puter system 10 showing a microprocessor or central pro- 

The present invention is a system for tracking the amount cessing unit (CPU) 50, a random access read/write memory 

of time a computer has been operated, after the computer has (RAM) subsystem 52, and an input/output (I/O) subsystem 

been delivered to an end user. The system comprises a time 30 54, connected to a common system bus 56. A number of 

logging program which is loaded into the computer's peripheral devices, such as, for example, a hard disk drive 

memory, and which is activated in a background mode each 60> the floppy disk drive 16, a timer subsystem 64, the 

time the computer is booted. The time logging program keyboard 14 and the monitor 12, communicate with the 

counts timer interrupts issued by the computer's timer, and microprocessor 50 via the I/O subsystem 54 and the system 

updates a log file located on the computer's hard drive at 35 bus 56. In addition, various components connected to the I/O 

predetermined intervals. The log contains data representing subsystem 54 generate interrupts which are communicated 

the amount of time the computer has been on. Because the to the microprocessor 50 via one or more interrupt lines 70. 

program operates in background mode, its execution is One skilled in the art will appreciate that the I/O subsystem 

virtually transparent to the user, thus providing an elegant 54 may include a number of different buses, such as, for 

and unobtrusive method far tracking the amount of time the 40 example, a peripheral component interconnect (PCI) bus, an 

computer has been used. In the preferred embodiment, the Industry Standard Architecture (ISA) bus, a video local bus, 

time logging program is a DOS-based Terminate and Stay and the like, which are not shown in FIG. 2. The computer 

Resident (TSR) program, system 10 is configured in a conventional manner and is not 

In accordance with another aspect of the present alteed "V mannei m to incorporate the present 

invention, the time logging program intercepts idle 45 invention other than to load and run the program described 

interrupts, which are issued by the computer's operating herein. Thus, it is not believed to be necessary to further 

system whenever it is idle. The time logging program describe the basic structure or operation of the computer 

updates the log file only during these idle periods, thus system 10. 

further ensuring that the program's operation does not Th e I^erredemrxxiiment of this invention is a Terminate 
interfere with the computer's other tasks. so and Stay Resident (TSR) computer program called 
Moreover, in the preferred embodiment of the present "Tndaf. The Tracker program is loaded automatically by 
invention the log file and the executable file are hidden flies, ^ com P utcr,s DOS operating system whenever the corn- 
making them invisible to the casual user. P uter * bootoA Bccausc mc Tracker program is a TSR, it 

The time logging program ceases operating after it has ^ ° mcr cora P u t tcr P">sranis «ye running. 

_ . . V ~t ^ IT f " ™ 55 Moreover, the Tracker program's operation is invisible to 

counted a PKdeterniined number of timer interrupt^ In me Q ^ ftc us ^7 0t to its presence 

addmon, toe time logging program ^counts the number of or tempted to dis&ble it. * 

times the computer executes the TSR program, which gen- ~ T\ * ^ j ^ , 

erally corresponds to the number of times the computer is Bnefl y des f rib . ed ' the packer program monitors the corn- 
booted, and likewise ceases operating after it has counted a „ P«f system s dmer and, at predetermined intervals (by 
predetermined number of boots. 60 ? cfaalt > ^ imDUtes )^ ^ s amount of time 
„_ „. , . , . , intervals the computer system has been operating in a log file 

Tl l0 Ft? *f 5™ ^ ™ mpUt locatcd o* * c computer's hard drive. T^Ser pro Jam 

parameter to disable further operation. ^ logs Ae numbcr of ^ ^ computer s^mL been 

BRIEF DESCRIPTION OF THE DRAWINGS booted After a sufficient period of time has been monitored, 

65 or after a sufficient number of boots have been logged, the 

FIG. 1 is perspective view of a computer system, into Tracker program disables its logging function and forth er- 

which the present invention may be incorporated. more prevents itself from running as a logger when the 
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computer is booted in the future. In an alternative has been loaded into memory and executed. Beginning at a 

embodiment, the Tracker program also stores the time and step 100 in FIG. 3A, the Initialize function checks whether 

date when the computer system is first booted and the log file any command-line parameters were specified. If so, the 

is created. parameter is tested at a step 102 to determine if it is a number 

The Tracker program has three main components: (1) an 5 representing an interval time, in minutes. In the preferred 

Initialize function, which is called when the program is first embodiment, the interval time is in the range 30 to 60 

loaded, and which sets up the program's counters and minutes, although other ranges may be used. An interval of 

prepares the program to terminate and stay resident; (2) a 30 minutes causes the computer system to be activated only 

DosHmer function, which intercepts and counts the number twice per hour to update the log file. Thus, in a system where 

of DOS timer interrupts issued by the computer system's 10 the disk drive is powered down during periods of inactivity 

timer; and (3) a Dosldle function, which intercepts the DOS by the user, the disk drive is powered up infrequently to 

idle interrupt and, when enough timer ticks to reach one update the log file such that the user is not as likely to notice 

interval have been counted, updates a log file, located on the the disk activity than if the log file is updated more often, 

computer's hard disk, to reflect the total time the computer On the other hand, interval times longer than 60 minutes 

has been operating. 15 significantly affect the Tracker program's accuracy in log- 

The Tracker program is designed to accept one (optional) operating time. This is because whenever the computer 

command-line argument This argument can be either a is shut down or rebooted, the Tracker program will not 

number representing a valid interval time in minutes, or one record ^ fraction of an Interval that it has already counted, 

of the commands DELETE, LOCK, RESET, OR SHOW. Tnus > ^ 'fractaa' program consistently underestimates the 

(The effect of these commands will be described below.) If 20 amount of time the computer has been used, by an amount 

no argument is provided or if a valid interval time is pr°P ortional *> *e interval time. Longer interval times, 

provided, the Tracker program terminates but stays resident, therefore, lead to larger underestimations. 

and begins logging the time the computer is on. (If no ff n0 argument is specified, the Initialize function sets 

argument is given, the default interval time of thirty minutes IntervalMinutes to the default interval time of 30 minutes at 

is used.) If, on the other hand, a command is given, the 25 a ste P 1(M - ff a valid interval was specified, the Initialize 

Tracker program performs the requested function and function sets IntervalMinutes to the specified interval time at 

terminates, but does not stay resident a ste P 106 Next > at a step 108, the Initialize function tests 

In the preferred embodiment, the computer system 10 is wl *f ,hcr {t *f ^ a ^ pIO f^ t0 

an IBM-PC compatible computer usingtibe DOS operating resident V s * } I f i f 2e ^ nction *>f™™ 

system. As is well known tomost DOS users, when such a 30 the art by using the DOS 

computer is turned on or restarted ("booted"), the DOS ^ ^L^T 2 , > I determln t * heth u er 

operating system executes a batch command file called ^ soft ® Windows^ is executing and whether the 

«ATJTOTXEC£^, if such a file exists. The AUTOEX- program^ already resident If the Initialize function 

EC.BAT file typically performs basic startup functions such dctcmu ^ s ^J* ^ acker Ingram term ^ t ^ d 

as loading device drivers and setting up the DOS environ- 35 !g residcnt ' mc F ro 8 pBn at a step 109 (FIG. 

mcnt In the preferred embodiment, the computer seller JL T ■• , ^, „„ „ , , 

configures the AUTOEXEGBAT file so that ^executes the ™ c "f xt *f * a ste P whetherthe 

Tracker program (which is located on the computer's hard ^.f < »«*?■ 10 *° f^ < ?* od « te *«- 

disk) without a command-Hne argument In tWs way, the ® e ." ldc "f f d ^5°?',"* " 88 

Tracker program loads and starts ranting, using the default 40 ^ J«J* ,n locdhanlonve'sr^t toctory 

interval time, each time the compute is booted. C * ^ l0 f 5! " u *? 

Alternatively, the computer seller nlay configure the l»f , wiU •** , nohcc ? "f, *f not be tempted to alter it 

AUTOEXEC.!) AT file so that it executes the Tracker pro- (U d ™ ??' e ^ * e *f" h " 

gram using an interval time other than the default interval * e lo « a step 112. The log file contams mformauon 

45 for the following variables: BootCount, IntervalCount, 

' . , . , . , „ . ... . ^ . , IntervalMinutes, ManualLock, and AutoLock. Id an alter- 

For file reader's aid in following the description below, native embodimeDtf me log me ^ mclude5 the date and 

the Tracker program uses the following variables: ^ when &e lQg me mM whcn ^ CODSumer 

BootCount: the number of boots counted. fi,. st booted the computer system. As discussed above, the 

IntervalCount: the number of intervals counted. 50 log file is created so that it is a hidden file. When first 

ManualLock: a flag that, when set, stops the Tracker created, the log file variables are all zeroed, except the 

program from operating. IntervalMinutes variable, which is set to the current Inter- 

AutoLock: another flag that, when set, stops the Tracker valMinutes value (either the default of thirty minutes, or 

program from operating. whatever interval time was specified in the command-line 

Process: another flag mat, when set, stops the Tracker 55 argument). The Initialize function further checks at a step 

program from operating 114 wbetner its attempt at creating the log file was success- 

DoUpdateFile: a flag that, when set, causes the Tracker ^ *eFo^^ T^Vl* 

program to update the log file. If the log file does exist, the Initialize function loads the 

t * iw * *u u r • ^ . „ , data from the log file into its variables. Initialize then 

IntervalMinutes: the number of minutes per interval. _ anrm „ n * n - rt , . fll . T . . . 

Ti W1 . . * . . , 60 ensures at a step 116 that the log file s IntervalMinutes value 

IntervaTTicks: the number of tuner ticks per interval. is the same as the specified (or default) IntervalMinutes 

TicksLeft: the number of timer ticks remaining before value. This check is necessary because the Tracker program 

IntervalTlcks ticks have been counted. ^ me num ber of intervals counted, not the number of 

MaxBoots: the m axi mum number of boots to count minutes counted, and therefore if the Tracker program is 

Maxlntervals: the maximum number of intervals to count 65 directed to log at intervals different from the log file's 

FIGS. 3A and 3B illustrate the Tracker program's Initial- interval time, the IntervalCount value will have an indeter- 

ize function, which is called as soon as the Tracker program minate meaning. For this reason, if the log file's Interval- 
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Minutes value does not agree with the current IntervalM- If the LOCK keyword is found in the command line at a 

inutes value, the program terminates at the step 109 (FIG. step 220, the Initialize function sets the ManualLock flag 

3B)» and updates the log file at a step 222. Then, at a step 224. the 

If the log file does exist and if the log file's IntervalM- Initialize function displays the logged data. The Initialize 

inutes value agrees with the current IntervalMinutes value, 5 function then terminates at the step 109. 

the Initialize function also ensures at a step 118 that neither If the RESET keyword is found in the command line at a 

its ManualLock flag nor its AutoLock flag is set. Either of step 230, the Initialize function zeroes the BootCount, 

these flags directs the Tracker program to stop operating. IntervalCount, ManualLock, and, AutoLock variables and 

Therefore if either flag is set, the program terminates at the updates the log file at a step 232. The Initialize function then 

step 109 (FIG. 3B). 10 displays the logged data at the step 224 and then terminates 

If the program proceeds through the foregoing tests at the step 109. 

without terminating, the Initialize function increments the If the SHOW keyword is found in the command line at a 

BootCount variable at a step 120, and then at a step 122 step 240, then, at the step 224, the Initialize function 

checks whether a predetermined maximum number of boots displays the number of hours logged (IntervalCount times 

(MaxBoots) have been counted. In the preferred 15 iDtervalMinutes divided by 60), the number of boots 

embodiment, MaxBoots is set to 1,500, representing the counted, the IntervalMinutes period, and whether the Manu- 

assumption that after 1,500 boots, the system is sufficiently alLock or AutoLock flags are set The Initialize function 

used that further usage tracking is unnecessary. If MaxBoots then terminates at the step 109. 

(e.g., 1 ,500) boots have been counted, the Initialize function These keyword commands are not published as part of the 

sets the AutoLock flag at a step 124. 20 system documentation, and are intended to be used only by 

In any case, the Initialize function then updates the log file the seller prior to shipping a new system or when a system 

at a step 126 so that it contains the current set of logged is returned. 

variables. At this time, the Initialize function also calculates If the Tracker program has succeeded in terminating and 

the number of ticks required per interval (IntervalTicks), and staying resident, the Tracker program's DosTimer and 

sets the TlcksLeft variable to this number. IntervalTicks is 25 Dosldle functions will be called whenever a system timer 

equal to IntervalMinutes multiplied by 1,091, which closely interrupt or DOS idle interrupt occurs, respectively, 

approximates the 1,090.9 ticks per minute for an IBM- The DosTimer function counts the number of timer ticks 

compatible computer's system timer when the computer issued by the system timer. As illustrated in FIG. 4, the 

system is executing under DOS. The Initialize function also DosTimer function's first operation is to check the Process 

calculates Maxlntervals, which sets the maximum number 30 flag at a step 300 to determine if the Tracker program is still 

of intervals the Tracker program will count before disabling intended to operate. This check is made early to ensure that, 

itself. In the prefen^ ernb<)diment, Maxmtervals is equal to if the Tracker program should cease operation (if, for 

90,000 minutes (1,500 hours) divided by IntervalMinutes, so example, the requisite 1,500 hours logged have been 

that the Tracker program will log time for the first 1,500 reached), the DosTimer function exits quickly, dearly, since 

hours the computer is on, and then stop. 35 the DosTimer function is called 1091 times each minute, it 

Finally, at a step 128 the Initialize function chains the is advantageous for the function to quit as soon as possible 

Tracker program into the DOS tuner, idle, and multiplex if its continued operation is unnecessary. If the Process flag 

interrupt vectors, and men terminates and stays resident at a is not set, the DosTimer function returns control to the 

step 130. The process for hooking a TSR program into interrupt calling function at a step 302. 

interrupt vectors is well-known in the art and need not be 40 If the Process flag is set, the DosTimer function then 

described here. It is necessary only to note that the Tracker checks an. internal flag (DosTimerExecuting) at a step 304 to 

program's Dosldle function is chained into the DOS idle (28 determine if the DosTimer function has already been called, 

hex) interrupt vector, and that the Tracker program's Dos- Although it is an unlikely event, it is possible for the 

Timer function is chained into the DOS timer (08 hex) DosTimer function to be called while the function is execut- 

interrupt vector, so that the Dosldle function is called 45 ing. This can occur if the system timer issues an interrupt 

whenever the DOS system is idle, and the DosTimer func- during the DosTimer function's execution. For this reason, 

tion is called at each DOS timer tick. the DosTimer function must ensure that it is not already 

As illustrated in FIG. 3B, if the command-line parameter active, before continuing to execute. If the DosTCmerEx- 

passed to the Tracker program was not a valid interval, the ecuting flag is already set, the DosTimer function returns 

Initialize function checks at a step 200 whether the param- 50 control to the interrupt calling function at the step 302. 

eter is a valid keyword. As discussed above, valid keywords If the DosTimerExecuting flag is not set, the DosTimer 

are DELETE, LOCK, RESET, and SHOW. If the parameter function then decrements the TlcksLeft variable at a step 

is not a valid keyword, the program terminates at the step 306, and then checks whether it has reached zero yet at a step 

109. 308. Because TlcksLeft was initialized to the value of 

If on the other hand the parameter is a valid keyword, the 55 IntervalTicks, when TlcksLeft reaches zero, one interval has 

Initialize function displays a brief heading giving the elapsed. If the HcksLeft variable is not zero, the DosTimer 

Tracker program name and copyright information, and then function returns control to the interrupt calling function at 

determines whether the log file exists at steps 202 and 204. the step 302. If TlcksLeft is zero, the DosTimer function sets 

If no log file exists, the Initialize function displays an error the DosTimerExecuting flag at a step 310, resets TicksLeft 

message at a step 206 and then the program terminates at the eo to IntervalTicks at a step 312, increments IntervalCount at a 

^ep * step 314, and then sets the DoUpdateFile flag at a step 316. 

If the log file exists at the step 204, then the Initialize Next, the DosTimer function checks whether Interval- 
function responds to the keyword command in the command Count has reached Maxlntervals at a step 318. If it has, the 
line as follows. DosTimer function sets the AutoLock flag at a step 320, 

If die DELETE keyword is found in the command line at 65 which will (as discussed below) stop the Tracker program 

a step 210, the Initialize function deletes the log file at a step from operating further, after the log file has been updated 

212 and then terminates at the step 109. one last time. The DosTimer function then clears the Dos- 
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TimerExecuting flag at a step 322 and returns control to the 
interrupt calling function at the step 302. 

If at the step 318, the IntervalCount has not reached 
Maxlntervals, the DosHmer function clears the DosTimer- 
Executing flag at the step 322 and returns control to the 
interrupt calling function at the step 302. 

FIG. 5 illustrates the Dosldle function. The Dosldlc 
function is called in response to a DOS idle interrupt, which 
is issued whenever DOS is idle. Like the DosHmer function, 
the Dosldle function first checks an internal flag 
(DosIdleExecuting) at a step 400 to ensure that it is not 
already executing. If it is already executing, the Dosldle 
functions returns control to the interrupt calling function at 
a step 402. If it is not already executing, the Dosldle function 
checks whether the DoUpdateFile flag Is set at a step 404. 
Because the Dosldle function's only purpose is to update the 
Log file, it need only operate when DoUpdateFile has been 
set 

If the DoUpdateFile flag is set, the Dosldle function 
prepares for operation by setting the DosIdleExecuting flag 
at a step 406, and then checks the DOS system at a step 408 
to ensure that it is ready to accept a write request to the 
system's local hard drive. As those with skill in the art will 
appreciate, this check is performed by checking the DOS 
CriticalError flag (whose location is determined at initial- 
ization time via a DOS interrupt (21 hex) function call) to 
ensure that no critical error has occurred in the DOS system. 

If a DOS critical error would prevent the log file writing 
operation, the Dosldle function clears the DosIdleExecuting 
flag at a step 410 and then terminates by returning control to 
the interrupt calling function at the step 402. If not, the 
Dosldle function updates the log file, by writing to it the 
BootCount, IntervalCount, IntervalMinutes, ManualLock, 
and AutoLock values at a step 412. The Dosldle function 
then clears the DoUpdateFile flag at a step 414. 

The Dosldle function next checks whether either the 
ManualLock or AutoLock flag is set at a step 416. If neither 
flag is set, the Dosldle function clears the DosIdleExecuting 
flag at a step 410 and returns at the step 402. If either flag 
is set, the Dosldle function clears the Process flag (which 
will prevent the DosTimer function from further counting 
timer ticks) at a step 41$, clears the DosIdleExecuting flag 
at the step 410, and returns control to the interrupt calling 
function at the step 402. 

The Tracker program thus provides a simple way of 
keeping track of the number of boots and the total operating 
time of the computer system 10 in a manner generally 
transparent to the system's user. Thus, if the computer 
system 10 is returned to the seller, the seller can readily 
determine, by examining the log file (ie., by executing the 
Tracker program with the SHOW parameter in the command 
line), whether the computer system 10 has been used, and 
approximately how much it has been used. 

This invention may be embodied in other specific forms 
without departing from the essential characteristics as 
described herein. The embodiments described above are to 
be considered in all respects as illustrative only and not 
restrictive in any manner. The scope of the invention is 
indicated by the following claims rather than by the fore- 
going description. Any and all changes which come within 
the meaning and range of equivalency of the claims are to be 60 
considered within their scope. 

What is claimed is: 

1. A system for tracking the amount of time a computer 
has been operated after delivering the computer to an end 
user, said system comprising: 

a random access memory which stores data and execut- 
able programs while said computer is operating; 



10 



IS 



20 



25 



30 



35 



40 



45 



50 



55 



65 



a source of periodic interrupts to said computer, 

a non-volatile data storage device; 

a log file located on said non-volatile data storage device, 
said log file containing data representing the mount of 
time said computer has been on; and 

a time logging program which is loaded into memory and 
which is activated in background mode each time said 
computer is booted, said time logging program count- 
ing said timer interrupts and updating said data in said 
log fie when a predetermined number of said timer 
interrupts has been counted, said log file thereby stor- 
ing a count representing a time duration for which said 
computer is operated, and wherein said time logging 
program ceases operating after it has counted a prede- 
termined number of timer interrupts. 

2. A system for tracking the amount of time a computer 
has been operated after delivering the computer to an end 
user, said system comprising: 

a random access memory which stores data and execut- 
able programs while said computer is operating; 

a source of periodic interrupts to said computer, 

a non-volatile data storage device; 

a log file located on said non-volatile data storage device, 
said log file containing data representing the amount of 
time said computer has been on; and 

a time logging program which is loaded into memory and 
which is activated in background mode each time said 
computer is booted, said time logging program count- 
ing said timer interrupts and updating said data in said 
log file when a predetermined number of said timer 
interrupts has been counted, said log file thereby stor- 
ing a count representing a time duration for which said 
computer is operated, and wherein said time logging 
program also counts the number of rimes said computer 
system is booted. 

3. A system for tracking the amount of time a computer, 
which has a memory and a non-volatile data storage device 
and which issues timer mterrupts, is on, comprising: 

a log file located on said non-volatile data storage device, 
said log file containing data representing the amount of 
time said computer has been on; and 

a background executing program which is loaded into said 
memory and activated each time said computer is 
booted, said background executing program intercept- 
ing and counting said timer interrupts, said background 
executing program updating said log file's data when a 
predetermined number of said timer interrupts has been 
counted, and wherein said time logging program ceases 
operating after it has counted a predetermined number 
of timer interrupts. 

4. A system for tracking the amount of time a computer, 
which has a memory and a non-volatile data storage device 
and which issues timer interrupts, is on, comprising: 

a log file located on said non-volatile data storage device, 
said log file containing data representing the amount of 
time said computer has been on; and 
. a background executing program which is loaded into said 
memory and activated each time said computer is 
booted, said background executing program intercept- 
ing and counting said timer interrupts, said background 
executing program updating said log file's data when a 
predetermined number of said timer interrupts has been 
counted, and wherein said time logging program also 
counts the number of times said computer system is 
booted. 
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ABSTRACT 



Methods and apparatus for dynamically selecting a com- 
puter on a local area network to become a server providing 
shared access to a wide area network, such as the Internet, 
to all of the computers on the local area network is disclosed. 
A server may be selected from among any of the computers 
on the local area network that is currently available (i.e. 
powered on), and capable of establishing a connection to the 
wide area network. If the current server shuts down, a new 
server may be selected and started with only minimal impact 
on the other computers on the local area network, which are 
automatically reconfigured to use the new server to route 
network traffic to the wide area network. 

39 Claims, 3 Drawing Sheets 
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METHODS AND APPARATUS FOR 
DYNAMIC INTERNET SERVER SELECTION 

FIELD OF THE INVENTION 

The present invention relates generally to computer 
networking, and to establishing a connection to a wide area 
network, such as the Internet, that is shared by a small 
number of computers in a home environment. 

BACKGROUND OF THE INVENTION 

The explosive growth of the Internet that has occurred 
over the past few years has made the Internet and the World 
Wide Web (WWW) an increasingly important means for 
communication and distribution of information. Although 
much of the growth of the Internet has occurred due to its 
uses in education, research, and business, many households 
are now purchasing computer equipment and establishing 
Internet connections. As increasing numbers of households 
and families gain access to the Internet, numerous services, 
such as entertainment and shopping, are becoming available 
to serve the needs of these users. Home users are already 
becoming the predominant population of Internet users, and 
will further increase in numbers as the services available to 
home users become more numerous and attractive. 

At the same time that increasing numbers of home users 
are gaining access to the internet, the price of computer 
equipment is rapidly decreasing. During the past year, 
personal computer systems priced at under S1000 were the 
fastest growing segment of the personal computer market. 
Almost all of these inexpensive computers come with a 
pre-installed high-speed modem and software for connect- 
ing to the Internet. With the availability of such inexpensive 
computers, it is not uncommon for households to have 
multiple computer systems, each capable of establishing a 
connection to the Internet. 

The equipment necessary to connect multiple computer 
systems together to form a local area network (LAN) has 
also become inexpensive and simple. Many home computers 
are now equipped by the manufacturer with a standard 
network interface. Low cost add-on network interface cards 
and network hubs are also readily available. Setting up a 
LAN in the home is an attractive option for households 
having multiple computer systems, as it permits many 
resources, such as printers or storage space to be shared 
between all of the computers on the LAN. Moreover, 
manufacturers of other types of home equipment, such as 
home security systems, home control systems, audio and 
video equipment, and appliances are starting to incorporate 
network interfaces into their products. Already, many new 
homes are being built with the wiring for a LAN built-in, and 
it is expected that over the next decade, many more house- 
holds will install a LAN. 

Additionally, with the potential growth of home LANs, 
numerous networking technologies have been developed to 
make it easier to install a LAN in a home environment. 
These include technologies that can connect a LAN through 
preexisting wiring in a home, for example, by sending LAN 
traffic across power lines or home telephone lines. Also, 
numerous wireless LAN technologies that may be appropri- 
ate for home use have been developed, such as infrared and 
low-power RF LANs. As this type of equipment becomes 
widely available at a relatively low cost, it is expected that 
household LANs will become commonplace. 

Gaining access to the Internet through a single computer 
is relatively simple. A large number of Internet service 
providers (ISPs) provide dial-up accounts that permit virtu- 



9,162 

2 

ally unlimited low-speed access to the Internet for a modest 
monthly fee. All that is typically needed to connect to the 
Internet through an ISP is a personal computer equipped 
with a modem, a telephone line, and software (that typically 

5 is pre-installed on the computer system) for accessing the 
Internet through the ISP. 

The speed of the modem typically determines the speed of 
the connection to the Internet, and is currently less than 
56,000 bits per second. Over the next few years, various 

io types of higher speed connections, such as cable modems or 
digital subscriber lines, capable of transferring more than a 
million bits per second, are expected to become widely 
available for home use at a relatively low cost. 
In the past, dial-up connections typically provided access 

15 to the Internet to only a single computer at a time. Connect- 
ing multiple computers to the Internet required multiple 
telephone lines, and multiple ISP accounts. The monthly 
costs of maintaining multiple telephone lines and ISP 
accounts made this option prohibitively expensive for most 

20 households. As a result, even if a household had multiple 
computers, each with a high-speed modem, only one of 
these would typically be connected to the Internet through 
an ISP at any given time. 
Recently, it has become possible to share a single dial-up 

25 connection to the Internet with all the computers connected 
to a LAN by using "gateway software." The two widely 
available types of gateway software are called "proxy 
server" software, and "network address translation" soft- 
ware. Proxy server software works by providing an inter- 

30 mediary network server between the Internet and the LAN. 
Computers on the LAN are configured to send their requests 
to the proxy server software running on one particular 
computer on the network. The proxy server software then 
sends the request to the appropriate place on the Internet, 

35 receives any response, and sends the response back to the 
appropriate computer on the LAN. Thus, the proxy server 
interposes itself in every communication between a com- 
puter on the LAN and the Interact. 

4Q Network address translation software works in a manner 
similar to proxy server software, but is somewhat more 
transparent to the other computers on the LAN. Network 
traffic addressed to computers outside of the LAN is directed 
to the network address translation software, which reroutes 

45 the network traffic to the Internet. The addresses of network 
traffic received from the Internet in response to requests 
made by computers on the LAN are translated to reroute the 
traffic to the appropriate computers on the LAN, 
Both proxy server software and network address transla- 

50 lion software are commercially available from numerous 
vendors, and may be run on a wide variety of platforms. One 
popular proxy server software package for use with 
Microsoft's WINDOWS 95 operating system is WINGATE, 
produced by Deerfield.com, of Gaylord, Mich. A popular 

55 network address translation software package for use with 
Microsoft's WINDOWS 95 operating system is SYGATE, 
produced by SyberGen Incorporated, of Fremont, Cali. 

Using such software, one of the computers on the network 
(hereinafter referred to as the "server^) establishes a con- 
so nection to the Internet (e.g. using a modem and ISP), and 
permits the other computers on the LAN to access the 
Internet through the server. Typically, only one of the 
machines on the LAN is designated as the server, and only 
the server may normally establish a connection to the 

65 Internet. 

One drawback of this arrangement is that the software 
typically requires that one of the computers be designated as 
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a server, and the server may not be easily changed once 
designated. Since all of the computers on the LAN rely on 
the server for their internet connection, if the server is down 
(e.g. powered off or temporarily disconnected from the 
LAN), none of the computers on the LAN are able to access 
the Internet. Similarly, if the server stops functioning (e.g. 
due to a software problem or a system crash) while other 
computers on the LAN are using the server to access the 
Internet, all of the Internet connections are immediately lost. 

These difficulties are easily overcome in a small business 
environment, where it is common to dedicate a specific 
computer to performing the tasks of a server. The server is 
typically not used for any other functions (aside from 
sharing of other network resources), and runs continuously. 
The server is also typically configured with a professional, 
stable operating system, and may be configured to run only 
a small set of carefully selected software packages that are 
known to be stable, and are unlikely to encounter incom- 
patibilities or to cause system crashes. It is also not uncom- 
mon for small businesses to hire a computer professional to 
make certain that their server is properly configured, and 
continues to function. 

Conditions typically are very different in a home envi- 
ronment. For example, even if the household owns several 
computers, rarely is one of them dedicated to being a server. 
The computers used in the home are often turned off during 
non-use, so there is no guarantee that any particular com- 
puter will be powered on and thus available for use as a 
server. Additionally, many home users run somewhat 
unstable consumer-level operating systems on their 
computers, and also may run a wide variety of software, 
increasing the probability of incompatibilities, system 
crashes, and other software-related problems. It is difficult to 
use typical gateway software in such an environment, since 
no one computer on the LAN can be reliably designated as 
the server. 

In view of the above, it would be desirable to provide a 
means for dynamically selecting which of a number of 
available computers on a LAN should be used as a server to 
provide LAN access to the Internet. 

It would also be desirable to provide a means for dynami- 
cally and transparently switching between servers when the 
computer that is currently acting as server is shut down. 

SUMMARY OF THE INVENTION 

It is an object of the present invention to provide a means 
for dynamically selecting which of a number of available 
computers on a LAN should be used as a server to provide 
LAN access to the Internet. 

It is also an object of the invention to provide a means for 
dynamically and transparently switching between servers 
when the computer that is currently acting as server is shut 
down. 

These and other objects of the present invention are 
achieved by providing "server selection agent" software that 
works with gateway software to dynamically select and 
switch between servers. The software is designed to reduce 
the difficulties encountered when running a server in a home 
environment by permitting any one of a number of modem- 
equipped computers on a LAN (i.e. most home computers) 
to become a server. 

The software first searches the LAN to see if there is 
already an active server. If no server is found, then the 
software selects which of the available computers on the 
LAN should become the server. Once the selection is made, 
the computer that was selected as the server starts the 
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gateway software, and the other computers route their Inter- 
net traffic through the selected server. When the selected 
server shuts down, the computers on the LAN choose a new 
server from among the available computers, and resynchro- 

5 nize their network traffic to use the new server. 

Except in certain special override conditions, this entire 
process may be accomplished in a manner that is transparent 
to the users of the computers. Users of the computers on the 
LAN simply run their Internet-capable software as if they 

10 had a permanent connection to the Internet. The server 
selection agent software and gateway software run in the 
background, and automatically handle all of the details of 
selecting a server, connecting to an ISP to gain access to the 
Internet, routing network traffic between the LAN and the 

15 Internet, and dynamically switching between servers. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The above and other objects and advantages of the present 
20 invention will be apparent upon consideration of the fol- 
lowing detailed description, taken in conjunction with the 
accompanying drawings, in which like reference characters 
refer to like parts throughout, and in which: 

FIG. 1 shows a LAN on which the methods of the current 
25 invention may be used; 

FIG. 2 shows a state diagram of a preferred embodiment 
of the present invention; and 

FIG. 3 shows a state diagram of an alternative preferred 
embodiment of the present invention. 

30 

DETAILED DESCRIPTION OF THE 
INVENTION 

Referring to FIG. 1, typical home or small office LAN 10 
is described. Each of computers 12 on LAN 10 includes a 
network interface card and a modem. Computers 12 are 
coupled to LAN 10 through their network interface cards, 
and through network hub 14, which interconnects all of the 
devices on LAN 10. 

40 Each of computers 12 has an associated modem (e.g. an 
internal modem) or other communications device through 
which the computer can connect to a wide area network. For 
purposes of this application a wide area network (WAN) 
comprises any network or communications system outside 

4S of the LAN. It also will be evident to one skilled in the art 
that a connection to a wide area network may be established 
either directly, or through an intermediary network (LAN or 
WAN). 

Typically, computers 12 will establish a connection to the 

50 Internet (or other WAN) by connecting to ISP 16 through 
public telephone line 18. Because LAN 10 is being used in 
a home or small office, all of computers 12 share a single 
public telephone line 18, so only one of computers 12 may 
use its modem to connect to ISP 16 (or any other service) at 

55 any given time. Other network capable devices, such as 
printer 17 may also be connected to LAN 10. Additionally, 
computers without modems, such as computer 19, may be 
connected to LAN 10. Such computers may not be con- 
nected to public telephone line 18, and may not establish a 

60 connection to ISP 16. 

In a typical previously known LAN, only one of comput- 
ers 12 on LAN 10 could be connected to the Internet through 
ISP 16 at any given time. Whichever one of computers 12 
was connected would block any of the other computers on 

65 the LAN from using public telephone line 18 and the 
Internet account on ISP 16. The development of gateway 
software, however, such as network address translation 
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software or proxy server software, permits all of the com- 
puters on LAN 10 to share public telephone line 18 and 
access to ISP 16. The gateway software usually is installed 
on one of computers 12, which then functions as a desig- 
nated server. All of the other computers 12 and computer 19 
are configured to route any traffic to the Internet through the 
designated server containing the gateway software. Only the~ 
designated server normally uses its modem to connect to ISP 
16, and if the server is shut down or disconnected from LAN 
10, all of the other computers and devices on LAN 10 
become unable to access the Internet. 

In accordance with the principles of the present invention, 
server selection agent software is provided that enables any 
of computers 12 to be dynamically selected as the-'server. 
The server selection agent software of the present invention 
may be included as part of an operating system, or may be 
a separate software application. In either case, the server 
selection agent software is installed on all of computers 12 
and on computer 19. Additionally, gateway software is 
installed on all of computers 12, since any of computers 12 
could potentially become the server. 

When any of computers 12 or computer 19 needs access 
to the Internet, a server is selected from among the available 
computers 12. Computer 19 cannot be selected as a server, 
because it does not have a modem, and cannot establish a 
connection to ISP 16. 

If the server is shut down or disconnected from the 
network, the other computers select a new server from the 
available computers 12, and reestablish their connections to 
the Internet through the new computer 12 selected to func- 
tion as the server. In a preferred embodiment, the server may 
also be changed if a new one of computers 12 becomes 
available that would be a better server (e.g. because it has a 
faster modem) than the current server. Only if none of 
computers 12 are available, such as if they are all powered 
off, would other computers (e.g. computer 19) or devices on 
LAN 10 be unable to access the Internet. 

A preferred embodiment of the server selection agent 
software of the present invention also permits the user of one 
of the computers to request that his or her computer become 
the server. This may be useful; for example, if the user 
wishes to connect to a different ISP than the one that is 
currently in use by the server. If this "Override** mode is 
used, a message is displayed on each of the active computers 
on LAN 10, asking permission to switch servers. If all the 
users of the active computers on LAN 10 consent by 
selecting an "OK" option in the message, the server is 
switched, and all of the computers on LAN 10 reroute their 
Internet traffic through the new server (i.e. they become 
"clients" of the new server). 

It will be apparent to one skilled in the relevant arts that 
the modems in computers 12 may be replaced with cable 
modems, ISDN modems, or digital subscriber line modems, 
and public telephone line 18 may be replaced with other 
communications technology, such as a cable line, an ISDN 
line, or a digital subscriber lines. It will also be apparent that 
computers 12 may not all be identical. Some of computers 
12 may be faster than others, or have faster modems. Some 
of computers 12 may be connected to ISP 16 through, for 
example, a cable line, while others of computers 12 are 
connected to ISP 16 through public telephone line 18. 

Other configurations having multiple public telephone 
lines (or other communications lines) may also be used. 
With multiple telephone lines, it is possible to have more 
than one active server, and each of the client computers may 
select one of the active servers to reroute its Internet traffic. 
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Alternatively, each of the computers may connect to more 
than one active server, to provide additional network band- 
width. 

Additionally, the "hub and spoke" configuration of LAN 

5 10 is for illustration only. Other network configurations also 
are possible, and may not require use of network hub 14. 
Additionally, although LAN 10 typically comprises standard 
lOBase-T or 100Base-T connections, it could also comprise 
connections made via power lines, telephone lines, wireless 

10 connections made via infrared or RF transmission, or any 
other type of network connection. The principles of the 
present invention may be applied equally to any of these 
configurations, and should not be seen as limited to the 
configuration of LAN 10 shown in FIG. 1. 

15 Referring now to FIG. 2, a state diagram of a preferred 
embodiment of the server selection agent software of the 
present invention is shown. This software is installed on all 
of the computers on a LAN, either as a part of their operating 
systems, or as a separate application, and starts executing on 

20 a computer when the computer's operating system is started. 
Server selection agent software 20 normally executes in the 
background, and interferes only minimally with other soft- 
ware executing on the computer. A typical computer user 
may not even be aware that server selection agent software 

25 20 is executing. Optionally, the software may display a small 
icon on the screen of the computer on which it is executing 
to provide an indication of the current status of the software. 
By executing a separate monitoring program, a user may be 
able to receive more detailed information on the status and 

30 functioning of server selection agent software 20. 

Execution of server selection agent software 20 starts in 
state 100. In state 100, a powered -on computer, hereinafter 
called the "local computer," performs initialization, and 

35 establishes its presence on the LAN. This involves steps of 
broadcasting a initialization message to all other computers 
on the LAN, the initialization message containing informa- 
tion on the capabilities of the computer, such as the modem 
speed of the associated modem, and the CPU speed. The 

4Q local computer then waits-a short time to-receive messages 
from all of the other active computers on the LAN detailing 
the capabilities of those machines. 

In a preferred embodiment, the information broadcast 
during the initialization step includes information on the 

45 speed of any modems or other communication devices that 
the local computer may use to establish a connection to an 
ISP, and information on the overall system speed of the 
computer. This information is typically gathered once, when 
the software is installed. Information on modems or other 

5 q communications devices may be provided by the user during 
installation, or may be automatically determined. Informa- 
tion on the overall system speed of the local computer may 
be determined by executing a benchmark program designed 
to test how well the computer will perform as a server. This 

55 information may be updated whenever significant changes 
are made to the computer, such as when new hardware is 
installed. 

If the local computer receives no messages from other 
computers on the LAN, or receives messages only from 

60 computers that cannot become a server (e.g. because they do 
not have a modem), it concludes that there are no other 
currently active computers capable of becoming a server. In 
this case, if the local computer is capable of becoming a 
server, it switches to state 105 and becomes the currently 

65 active server. If none of the active computers on the LAN, 
including the local computer, are capable of becoming a 
server, an error message is displayed, and the local computer 
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switches to state 101. Under more normal conditions, when 
the local computer receives information on the capabilities 
of other currently active computers on the LAN, the local 
computer switches to state 101. 

State 101 is a standby mode, where the software waits for 
some event, such as a timer message or broadcast message 
from other computers on the LAN to cause it to transition to 
a different state. Since state 101 requires little or no 
processing, and software 20 spends most of its time in state 
101, the processing demands placed on a computer by 
software 20 are minimal. 

In state 101, when a timer event occurs, which preferably 
happens at one minute intervals, the local computer enters 
state 102, which searches for an active server. If a "Shut- 
down" message is received, the local computer transitions to 
state 104, where a new server is selected. The local computer 
may also transition to state 104 if a "no server found" error 
occurs, as a result of the local computer repeatedly searching 
for an active server without finding one. If the user initiates 
an override request, described in detail hereinafter, the local 
computer transitions to state 110, to handle the override 
request. If the local computer receives an override request 
broadcast in state 101, it transitions to state 111, to determine 
whether the override request is approved. 

State 102 searches the LAN for an active server. This may 
be achieved by the local computer broadcasting a network 
message to all computers on the LAN requesting that they 
respond if they are the active server. If none of the computers 
responds to the request within a reasonable time (typically 
less than a second), then no server has been found, and the 
local computer displays an error message indicating that no 
active server could be found, and returns to state 101. If 
another computer responds that it is the active server, the 
local computer transitions to state 103. 

It should be noted that the periodic searching for a server 
shown in FIG. 2 in the operation of states 101 and 102 could 
be changed without departing from the invention. For 
example, the active server could broadcast a message iden- 
tifying itself at regular intervals, rather than having all of the 
computers on the LAN search for the server periodically. 

In state 103, the local computer adjusts or maintains local 
software settings to direct network traffic to the proper active 
server, and returns to state 101. 

In state 104, a new server is selected. In a preferred 
embodiment, this involves the local computer examining the 
capabilities of all active computers on the LAN, and apply- 
ing rules to determine which of the computers should 
become the server. Since all of the computers on the LAN 
apply the same criteria to determine which of them should 
become the server, and all of them have the same informa- 
tion on the capabilities of the computers on the LAN, all of 
the computers will make the same selection. 

If it is determined that the local computer should become 
the server, then the local computer transitions to state 105 
and becomes the active server. Otherwise, some other com- 
puter on the LAN becomes (or remains) the server, and the 
local computer transitions to state 102, to search for the 
active server. 

In one embodiment, the rules that determine which of the 
computers should become the server may be relatively 
simple. First, to become a server, a computer must have a 
modem or other communication device with which it can 
establish a connection to an ISP. If the local computer has no 
modem, it cannot be the active server. Next, the computer 
with the fastest modem should become the active server. If 
the information on capabilities indicates that any of the 
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computers on the network has a faster modem than the local 
computer, then the local computer should not become the 
active server. Next, if there was a tie on modem speed, then 
the computer with the highest overall system speed should 

s become the server. If the information on capabilities indi- 
cates that the modem speed of the local computer is the same 
as at least one other computer on the LAN, and the system 
speed of the local computer is less than another computer on 
the LAN having the same modem speed, then the local 

1Q computer should not become the active server. Finally, in the 
event that there is a tie on both modem speed and overall 
system speed, then the computer with the lowest network 
address is selected as the server. 

It will be evident that there are many other rules that could 
be applied to determine which computer should become the 

15 server. The determination could be made, for example, based 
a weighted sum of the information on the capabilities of each 
computer on the LAN. Alternatively, other capability 
information, such as average actual throughput when con- 
nected to the ISP could be used as a factor in deciding which 

20 computer should become the active server. Additionally, the 
selection process could be done by a single computer, such 
as the currently active server, rather than being done simul- 
taneously on all of the active computers on the LAN. 
In state 105, the local computer becomes the active server 

25 by starting the gateway software. In a preferred 
embodiment, the gateway software comprises a modified 
version of a network address translation software package, 
such as SYGATE, by SyberGen Incorporated, of Fremont, 
Cali. 

30 Alternatively, the gateway software may comprise proxy 
server software. Proxy server software is somewhat less 
preferred, because it is more difficult to configure. If proxy 
server software is used, then server selection agent software 
20 should be modified to act as a local proxy server that runs 

35 on every computer on the LAN, and redirects messages to 
the "actual" proxy server software (i.e. a proxy cascade) 
running on the selected server, that in turn redirects network 
traffic to the Internet. This indirect approach avoids the need 
to reconfigure all of the Internet capable software on the 

40 computer every time-the server changes. - 

In one embodiment, the gateway software is modified for 
use with server selection agent software 20 so that the 
gateway software and server selection agent software 20 can 
communicate with each other, and (optionally) so that the 

45 gateway software can shut down when an override request 
is processed, or when the rules indicate that a better server 
has become available. Alternatively, server selection agent 
software 20 may use standard operating system services to 
monitor unmodified gateway software, or to shut the gate- 

50 way software down when necessary. 

If the gateway software fails to start, the local computer 
transitions to state 106, in which a "Shutdown" message is 
broadcast. The local computer then transitions back to state 
101. If the gateway software starts successfully, the local 

55 computer transitions to state 107, which synchronizes net- 
work traffic between the new server and the other active 
computers on the LAN. The local computer then transitions 
into state 108. 

State 108 is a state in which server selection agent 
60 software 20 interacts with the gateway software. If a remote 
or local Internet request is received and the server is not 
already connected to the ISP, a connection is established. 
When notice is received that the operating system is shutting 
down (e.g. because the user is shutting down the computer), 
65 the local computer transitions to state 106. If an override 
request is received, the local computer transitions to state 
109. 
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Additionally, if the local computer is in state 108, and an 
initialization broadcast is received, the rules described above 
with respect to state 104 may be applied to determine if the 
newly initialized computer would be a better server. If so, 
the local computer may optionally transition to state 106, 
shutting down as server, and allowing the newly initialized 
computer to become the active server. 

In state 109, the local computer (which is also the active 
server) handles receipt of an override request. A message is 
displayed on the screen asking the user of the local computer 
if he or she approves the override request. If all users of 
active computers on the LAN agree to the request, then the 
local computer shuts down the gateway software, stops 
acting as the server, and transitions back to state 101. If any 
user on the LAN refuses to allow the override request, or a 
timeout occurs, then the local computer returns to state 108, 
and remains the active server. 

State 110 handles a user-initiated override request. When 
the user of the local computer requests that the local com- 
puter become the active server, approval is needed from all 
other active computers on the LAN. State 110 broadcasts an 
override request message, and waits to hear back from all of 
the active computers on the LAN, or for a timeout to occur. 
If all of the other active computers on the LAN approve the 
override request, then the local computer transitions to state 
105 and becomes the active server. Otherwise, the local 
computer informs the user that the override request was 
unsuccessful, and returns to state 101. 

State 111 handles the receipt of an override request when 
the local computer is in state 101. A message is displayed on 
the screen asking the user if he or she approves the override 
request. If the user approves of the request, the local 
computer broadcasts approval. If the user disapproves or a 
timeout occurs, the local computer broadcasts disapproval of 
the request. If all of the active computers on the LAN send 
approval, the request has been approved, and the local 
computer transitions to state 102, to search for the new 
server. Otherwise, the local computer returns to state 101. 

Referring now to FIG. 3, a state diagram of an alternative 
preferred embodiment of the server selection agent software 
of the present invention is described. Server selection agent 
software 30 may be more preferred than server selection 
agent software 20 of FIG. 2, since it is somewhat simpler, 
and more robust handling errors. Server selection agent 
software 30 executes on every computer on a LAN, and may 
be either a part of the operating systems of the computers on 
the LAN or may be a separate application. Server selection 
agent software 30 starts executing in state 200 when the 
operating system is started. 

State 200 is an initialization state, in which server selec- 
tion agent software 30, executing on a local computer, 
initializes itself and determines the capabilities of the active 
computers on the LAN. The information on the capabilities 
of the active computers on the LAN preferably comprises 
information on whether each computer has a modem or 
other communication device with which it can communicate 
with a wide area network, the speed of any modems or 
communication devices, and information on the overall 
system speed. This information may be gathered in a manner 
similar to that described hereinabove with reference to FIG, 
2. When initialization is finished, the local computer tran- 
sitions to state 201. 

In state 201, the local computer searches for an active 
server. This may be achieved by the local computer broad- 
casting a network message to all computers on the LAN 
requesting that they respond if they are the active server. If 
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another computer on the LAN responds that it is the active 
server, then the local computer applies a set rules to deter- 
mine if the local computer would be a better server than the 
current active server. The rules that are used to make this 

5 determination, for example, may be identical to the rules 
described with reference to state 104 of FIG. 2. 

If, based upon application of the foregoing rules, it is 
determined that the local computer would be a better server, 
then the local computer broadcasts a " VoteReq" message to 

10 all of the computers on the LAN, and transitions to state 203. 
Otherwise, if the rules determine that the local computer is 
not better than the active server, then the local computer 
transitions to state 202. 
If no computer on the LAN responds that it is the active 

15 server, then the local computer transitions to state 203 to 
choose a server. Additionally, if an error condition occurs, 
such as if more than one computer responds that it is the 
active server on a LAN that can have only one active server, 
state 202 may force all of the systems on the LAN to choose 

20 a new server. This is achieved by broadcasting a "Re Vot- 
eReq" message to all of the computers on the LAN, and 
transitioning to state 203. 

State 202 is a standby state, in which server selection 
agent software 30 waits for some event, such as a broadcast 

25 message from other computers on the LAN, or a timeout 
condition, to cause it to transition to a different state. If a 
"Shutdown" message, a "ReVoteReq" message, a "Vot- 
eReq" message, or a "ForceToBeServer" message 
(described hereinafter) is received while the local computer 

30 is in state 202, the local computer transitions to state 203 to 
select a new server. 

Additionally, the local computer expects to receive an 
"Alive" message from the active server at regular intervals. 

35 If such a message is not received for a specified length of 
time, a timeout condition occurs. A timeout condition typi- 
cally indicates that the active server is no longer functioning 
due to some problem, such as if the active server freezes or 
crashes. When a timeout condition occurs, the local com- 

40 puter transitions to state 203, to select a new server. 
Optionally, the local computer may also broadcast a "ReVo- 
teReq" message to all the active computers on the LAN, to 
let all the computers know that a new server should be 
selected. 

45 It should be noted that the timeout condition of state 202 
operates in a very different manner than the timer event 
described with reference to state 101 of FIG. 2. The timer 
event causes a kind of "polling** to occur, in which each of 
the computers searches for the server at regular intervals. 

50 Using the timeout event of state 202, the computers do not 
repeatedly search for a server. Instead, the active server 
periodically broadcasts "Alive" messages to let the comput- 
ers on the LAN know that it is still functioning. It will be 
evident to one skilled in the art that the "polling" mode 

55 described with reference to FIG. 2 could be applied to the 
software shown in FIG. 3, or the timeout mode described 
with reference to FIG. 3 could be applied to the software 
shown in FIG, 2. 

State 202 also handles user initiation of an override 

eo request. If the user of the local computer decides that he or 
she wants the local computer to become the server, an 
override request may be initiated from state 202. If the user 
initiates an override request, the local computer broadcasts 
a "ForceToBeServer" message, and transitions to state 203. 

65 In state 203, a new server is selected. If the local computer 
reaches state 203 because there was no active server on the 
network, due to a timeout, due to an error, or because a 



01/15/2004, EAST Version: 1.4.1 



6,119,162 

11 12 

"ReVoteReq" message was received, then the local com- When notice is received that the operating system is shutting 

puter applies a set of rules to determine which of the active down (e.g. because the user is shutting down the computer), 

computers on the LAN should become the server. The rules the local computer transitions to state 207. If a "VoteReq" 

applied may be identical to the rules described hereinabove message or a "ReVoteReq" message is received, then the 

with reference to FIG. 2. If the rules determine that the local 5 local computer transitions to state 203. Additionally, the 

computer should become the active server, then the local local computer (that is also the active server) periodically 

computer transitions to state 204. Otherwise, if the rules broadcasts "Alive" messages to all of the other computers on 

determine that the local computer should not become the the LAN, to let the other computers know that the active 

active server, the local computer transitions to state 202. If server is still functioning. 

no computer on the LAN can become the active server (e.g. 10 i n state 206, an error message is displayed, informing the 

because none of the active computers on the LAN has a user 0 f t he local computer that the gateway software failed 

modem), then an error message is displayed, and the local t 0 start. The local computer then transitions to state 202. 

computer transitions to state 202. Optionally, the local computer may remove itself from the 

If the local computer reaches state 203 due to a "VoteReq" set of computers that may become the active server prior to 

message, a "Shutdown" message, or a determination that the 15 switching to state 202, Additionally, the local computer may 

local computer would be a better server than the active optionally broadcast a "ReVoteReq" message, to let the 

server, then an additional step is required. For a vote to occur other computers on the LAN know that an error has 

in these conditions, the consent of the users of other active occurred, and it is necessary to select a new server, 

computers on the LAN is needed. A message will be In state 207, the local computer broadcasts a "Shutdown" 

displayed on each of the computers on the LAN, requesting 20 message, and waits for the Operating system to shut down, 

the user's consent. If consent is given by all of the computers i t mav be necessary for the local computer to refuse to shut 

on the LAN, then the process of selecting a server will down, and to return to state 205 if the users of the other 

proceed, as described hereinabove. If consent is not given, active computers on the LAN refuse to give their consent for 

then the active server will remain active, and the other t h e local computer to stop being the active server, 

computers on the LAN will return to state 202. 25 AUhough preferred iii ustr ative embodiments of the 

It should be noted that this is a different procedure than is present invention are described above, it will be evident to 

used in the software described with reference to FIG. 2, ooe skilled in the art that various changes and modifications 

since permission is needed for the active server to shutdown, ma y be made without departing from the invention. For 

or for a computer that is better than the active server to ^ example, if there are multiple telephone lines, the server 

become the active server. In the software described with selection agent software may be altered to handle more than 

reference to FIG. 2, no permission from other users is one active server, and the state that searches for active 

needed to perform these functions. It will be evident to one servers may determine which or the active servers to use 

skilled in the art that a permission scheme similar to the one based on the load at each active server. Additionally, if there 

described with reference to state 203 also could be applied ^ are multiple active servers, each computer may route net- 

to the software of FIG. 2. Similarly, state 203 could be wor k traffic through more than one active server to increase 

altered so that these functions are performed without per- network bandwidth. 

mission of the users of other computers. Additionally, the mechanism for obtaining consent for an 

State 203 also handles override requests. If the local override, or for other functions that require consent could be 

computer reaches state 203 due to a user initiated override 4Q changed so that a simple majority is needed, or so that only 

request, or a "ForceToBeServer" message, then consent is the approval of the active server, or of a network adminis- 

needed before the computer that made the request may trator is needed. As discussed above, the server selection 

become the active server. Each of the active computers on m \ cs mav be altered to change the criteria used to determine 

the LAN displays a message requesting consent from the which computer is selected as the active server, 

user for the override request. If consent is given by the users 4g ft [& intended in the append ed claims to cover all such 

of all of the active computers on the LAN, then the computer ch and modifications mat fail wilhin the true spirit and 

that made the override request becomes the server, by SC ope of the invention 

transitioning to state 204, while the other computers on the y/hat is claimed is: 

LAN transition to state 202, and become clients of the new 1. Amethod of sharing a connection to the Internet among 

server. Otherwise, if consent is not given by all of the users 5Q a lufali of com ters connec ted to a local area network, 

of active computers on the LAN, then the active server (hc mcthod uprising. 

remains active, and all of the other computers on the LAN . . 

. . * (a) determining that a subset of the plurality of computers 

transition to state 202. w , . & - r 3 r 

^ , are available for use as a server; 

The local computer enters state 204 if it is decided ... f 

through the server selection process that the local computer 55 < b ) automatically se ectmg one of the subset of the 

should become the active server. Id state 204, the gateway P luraht y of COm P Utcrs t0 become the ^ 

software is started. The gateway software preferably com- (<0 repeating steps (a) and (b) when the server becomes 

prises modified gateway software, but may also comprise unavailable; 

unmodified gateway software, as discussed hereinabove (d) establishing a connection between the server and the 

with reference to FIG. 2. If the gateway software starts gp Internet; and 

successfully, the local computer transitions to state 205. ( e ) routing Internet traffic through the server to the Inter- 
Otherwise, if the gateway software fails to start, the local ne t. 

computer transitions to state 206. 2. The method of claim 1, wherein routing Internet traffic 

State 205 is a state in which server selection agent through the server to the Internet comprises a step of running 

software 30 interacts with the gateway software. If a remote 65 gateway software on the server. 

or local Internet request is received and the server is not 3. The method of claim 2, wherein the gateway software 

already connected to the ISP, a connection is established. comprises network address translation software. 
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4. The method of claim 2, wherein the gateway software 
comprises proxy server software. 

5. The method of claim 1, wherein determining that a 
subset of the plurality of computers are available for use as 

a server further comprises gathering information on selected 5 
capabilities of active ones of the plurality of computers. 

6. The method of claim 5, wherein automatically selecting 
one of the subset of the plurality of computers to become the 
server comprises evaluating a set of rules to determine 
which of the subset should become the server. id 

7. The method of claim 6, wherein evaluating the set of 
rules comprises evaluating the information on selected capa- 
bilities of active ones of the plurality of computers. 

8. The method of claim 7, wherein the selected capabili- 
ties include a communication speed of each of the active 15 
ones of the plurality of computers, and evaluating the set of 
rules comprises evaluating the communication speed. 

9. The method of claim 7, wherein the selected capabili- 
ties include a system speed of each of the active ones of the 
plurality of computers, and evaluating the set of rules 20 
comprises evaluating the system speed. 

10. The method of claim 6, wherein the method further 
comprises reevaluating the set of rules when an additional 
computer becomes active. 

11. The method of claim 1, wherein determining that a 25 
subset of the plurality of computers are available for use as 

a server further comprises determining which of the plurality 
of computers are powered on. 

12. The method of claim 1, wherein determining that a 
subset of the plurality of computers are available for use as 3D 
a server further comprises determining which of the plurality 

of computers has access to a communication device capable 
of establishing a connection to the Internet. 

13. The method of claim 1, wherein the method further 
comprises permitting a user of one of the subset of the 35 
plurality of computers to override automatic selection of the 
server. 

14. The method of claim 13, wherein permitting a user to 
override automatic selection of the server further comprises 
overriding automatic selection of the server only if the users 40 
of all of the subset of the plurality of computers consent. 

15. Apparatus for selecting a computer on a local area 
network to become a server to permit sharing of an Internet 
connection among a plurality of computers connected to a 
local area network, the apparatus comprising a local com- 45 
puter connected to the local area network, the local computer 
programmed to: 

(a) determine that a subset of the plurality of computers 
are available for use as a server; 

(b) automatically select one of the subset of the plurality 50 
of computers to become the server; 

(c) repeat steps (a) and (b) when the server becomes 
unavailable; 

(d) establish a connection between the local computer and 55 
the Internet, and become the server, if the local com- 
puter was selected to become the server; and 

(e) route Internet traffic through the server to the Internet. 

16. The apparatus of claim 15, wherein the local computer 

is further programmed to inform other active ones of the 60 
plurality of computers that the server is unavailable if the 
local computer is the server, and the local computer is 
becoming unavailable. 

17. The apparatus of claim 15, wherein the local computer 

is further programmed to execute gateway software to route 65 
Internet traffic to the Internet, if the local computer is the 
server. 
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18. The apparatus of claim 17, wherein the gateway 
software comprises network address translation software. 

19. The apparatus of claim 17, wherein the gateway 
software comprises proxy server software. 

20. The apparatus of claim 17, wherein the local computer 
is further programmed to gather information on selected 
capabilities of active ones of the plurality of computers. 

21. The apparatus of claim 20, wherein the local computer 
is programmed to automatically select one of the subset of 
the plurality of computers to become the server by evalu- 
ating a set of rules to determine which of the subset should 
become the server. 

22. The apparatus of claim 21, wherein evaluating the 
rules comprises evaluating the information on selected capa- 
bilities of the active ones of the plurality of computers. 

23. The apparatus of claim 22, wherein the selected 
capabilities include a communication speed of each of the 
active ones of the plurality of computers, and the evaluating 
the set of rules comprises evaluating the communication 
speed. 

24. The apparatus of claim 22, wherein the selected 
capabilities include a system speed of each of the active ones 
of the plurality of computers, and evaluating the set of rules 
comprises evaluating the system speed. 

25. The apparatus of claim 21, wherein the local computer 
is further programmed to reevaluate the set of rules when an 
additional computer becomes active. 

26. The apparatus of claim 15, wherein the local computer 
is programmed to determine that a subset of the plurality of 
computers are available for use as a server by determining 
which of the plurality of computers are powered on and have 
access to a communication device capable of establishing a 
connection to the Internet. 

27. The apparatus of claim 21, wherein the local computer 
is further programmed to permit a user of one of the subset 
of the plurality of computers to override automatic selection 
of the server. 

28. The apparatus of claim 27, wherein the local computer 
is programmed to permit a user to override automatic 
selection of the server only if the users of all of the subset 
of the plurality of computers consent. 

29. Apparatus for sharing an Internet connection among a 
plurality of computers, the apparatus comprising: 

a local area network interconnecting the plurality of 

computers; and 
a communication line permitting a connection between at 

least one of the plurality of computers and the Internet; 
wherein each one of the plurality of computers comprises 

a processor programmed to: 

(a) determine that a subset of the plurality of computers 
are available for use as a server; 

(b) automatically select one of the subset of the plu- 
rality of computers to become the server; 

(c) repeat steps (a) and (b) when the server becomes 
unavailable; 

(d) establish a connection between the computer and 
the Internet, and become the server, if the computer 
was selected to become the server; and 

(e) route network traffic through the server to the 
Internet. 

30. The apparatus of claim 29, wherein the local area 
network comprises a network hub, and each of the plurality 
of computers is connected to the local area network through 
the network hub. 

31. The apparatus of claim 29, wherein at least one of the 
plurality of computers comprises a communication device 
coupled to the communication line. 
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32. The apparatus of claim 31, wherein the communica- 
tion device comprises a modem, and the communication line 
comprises a public telephone line. 

33. The apparatus of claim 31, wherein the communica- 
tion device comprises a cable modem, and the communica- 
tion line comprises a cable line. 

34. The apparatus of claim 31, wherein the communica- 
tion device comprises a digital subscriber line modem, and 
the communication line comprises a digital subscriber line. 

35. The apparatus of claim 31, wherein the communica- 
tion device comprises an ISDN modem, and the communi- 
cation line comprises an ISDN line. 

36. The apparatus of claim 29, wherein the server 
executes gateway software to route network traffic to the 
Internet. 
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37. The apparatus of claim 36, wherein the gateway 
software comprises network address translation software. 

38. The apparatus of claim 28, wherein the gateway 
software comprises proxy server software. 

39. The apparatus of claim 29, where the local area 
network comprises network connections chosen from a set 
consisting of lOBase-T, 100Base-T, telephone lines, power 
lines, wireless infrared communications, and wireless RF 
communications. 
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[57] ABSTRACT 

The Invention comprises a method and system far monitor- 
ing the performance of a computer in a computer network 
using modular extension agents. In accordance with the 
method of the invention the first computer repeatedly 
obtains performance data including at least one performance 
value comprising a measure of the performance of the 
computer. The performance data is automatically sent over 
the computer network through a second computer coupled to 
the computer network. The second computer receives the 
performance data and passes the performance data to a first 
extension agent, wherein the first extension agent is operable 
to process the performance data. 

20 Claims, 5 Drawing Sheets 
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METHOD AND SYSTEM FOR MONITORING 
THE PERFORMANCE OF COMPUTERS IN 
COMPUTER NETWORKS USING MODULAR 
EXTENSIONS 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

This application is related to U.S. application Sen No. 
08/678,934, filed on Jul. 12, 1996 by Gregory M. Burgess, 
et al. and entitled 4 'Method and System for Performance 
Monitoring in Computer Networks," pending. 

This application is related to U.S. application Ser. No. 
08/679593. filed on Jul. 12, 1996 by Gregory M. Burgess, 
et al. and entitled "Method and System for Tracking the 
Configuration of a Computer Coupled to a Computer 
Network," pending. 

These applications have been commonly assigned to 
Electronic Data Systems Corporation. 

TECHNICAL FIELD OF THE INVENTION 

This invention relates generally to performance monitor- 
ing in computer networks and more particularly to a method 
and system for monitoring the performance of a computer in 
a computer network using modular extensions. 

BACKGROUND OF THE INVENTION 

The use of computer networks connecting a number of 
computers has been increasing. Often, computer networks 
are connected in a client server relationship. One or more 
server computers normally contain resources that are shared 
among a number of client computers. Shared resources can 
also be stored on client computers. 

Because a server is a shared resource, the capabilities that 
the server needs to possess to adequately serve the client 
computers vary depending upon the number of users of the 
shared resources. As the number of client computers grows, 
demands on a server will often increase. The capabilities of 
the server may affect the amount of time it takes for a client 
to access a shared resource on a server. If the server does not 
have sufficiently high performance characteristics, clients 
may incur greater delays in waiting to access shared 
resources. Network planners thus take server performance 
into account when designing a network and when upgrading 
a network. 

Depending upon the configuration of a network, the types 
of tasks ordinarily performed by users of the network, usage 
patterns that may develop over the course of a workday, and 
other such variables, the performance level desired for a 
particular server in a particular computer network may vary 
considerably. One way to determine the performance desired 
for a particular server in a particular network is to study the 
performance of existing servers on that network over time. 
By garnering performance statistics, network planners can 
better determine the performance level desirable for 
upgrades either to specific servers or to the network as a 
whole such as by adding additional servers. 

Network planners will normally use some type of perfor- 
mance monitoring software to aid in the task of monitoring 
computer performance. Unfortunately, existing performance 
monitoring software normally requires human intervention. 
A network planner often must be either physically present at 
the computer whose performance he desires to monitor or 
logged onto that computer from a remote location. Thus, 
performance monitoring may be time consuming because a 
network operator will normally need to be physically present 
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when using performance monitoring software. In a large 
network, a network operator might spend a day or several 
days simply obtaining a small amount of performance data 
from each server in the network. 

5 Existing performance monitoring software normally has a 
number of built-in functions. Adding additional functions 
desired by a particular network operator may be difficult and 
expensive. Existing programs that require network operator 
intervention are also not useful in detecting server perfor- 

10 mance that has become so critical that the server may fail or 
that the entire network may fail. This performance data 
might only be obtained if the network operator happens to be 
monitoring the rjerformance of the particular server at the 
time when its performance becomes critical. Existing per- 

15 formance monitoring software, therefore, is mostly unhelp- 
ful in predicting either server or network failure. 

Finally, existing performance monitoring programs do not 
allow easy tracking of the configuration of computers in the 
network. 

20 

SUMMARY OF THE INVENTION 

The invention comprises a method and system for moni- 
toring the performance of a computer coupled to a computer 
network. The invention employs a novel architecture includ- 

25 ing modular program extensions to allow flexible upgrades 
to the invention's performance monitoring capability. One 
aspect of the invention is a method for monitoring the 
performance of a first computer coupled to a computer 
network. Performance data is repeatedly obtained using the 

30 first computer and comprises at least one performance value 
which is a measure of the performance of the first computer. 
The performance data is automatically sent over the com- 
puter network to a second computer coupled to the computer 
network. The performance data is received at the second 

35 computer and then passed to a first extension agent wherein 
the first extension agent is operable to process the perfor- 
mance data. 

The invention has several important technical advantages. 

w The invention allows simultaneous r^ormance monitoring 
of a number of computers, typically server computers, 
connected to a computer network. The performance data is 
sent to a central listener application which allows the 
performance data to be easily logged for future reference by 

45 a network administrator. The modular extension agent archi- 
tecture of the invention allows the performance monitoring 
capabilities of the central listener application to be easily 
upgraded to include additional capabilities. Also, because 
the central listener application is modular, different embodi- 

^ ments of the invention with different capabilities may be 
sold as different products to different customers. In addition, 
in certain networks, the network administrator may only 
desire to provide some of the possible performance moni- 
toring capabilities associated with the invention. The modu- 

J5 larity of the central listener application allows a network 
administrator to choose which performance monitoring 
capabilities to provide at particular locations. 

BRIEF DESCRIPTION OF THE DRAWINGS 

00 For a more complete understanding of the present inven- 
tion and the advantages thereof, reference is now made to 
the following descrqrions taken in conjunction with the 
accompanying drawings in which; 
FIG. 1 illustrates a computer network using the method 
65 and system of the present invention; 

FIG. 2 illustrates a computer that may be used in the 
computer network of FIG. 1; 
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FIG. 3 illustrates a block diagram of a monitoring and When monitoring and tracking listener 18 is ready to gather 

tracking agent constructed in accordance with the teachings the performance data, it retrieves previously ungathered 

of the invention; performance data from monitoring and tracking agent 16. 

FIG. 4 illustrates a block diagram of a monitoring and Monitoring and tracking agent 16 also generates alerts if 

tracking listener with listener extensions constructed in 5 one or more aspects of the performance of monitored 

accordance with the teachings of the invention; computer 12 has reached a critical level Monitoring and 

FIG. 5 illustrates a flow chart of the operation of the tracking agent 16 monitors the performance of monitored 

monitoring and tracking agent of FIG. 3; computer 12 at preset intervals and compares one or more 

FIG. 6 illustrates a flow chart of the operation of the event in P^nnance pararneters to preset thresholds. If the corn- 
capture thread of the monitoring and tracking agent of FIG. P*™ 00 to a threshold indicates mat performance has 
y become alertablc, monitoring and tracking agent 16 gener- 
' —~ _ _ . _ r ,. _ r ^ , _ ates an event which is sent to the local operating system 
* S Z* I* ^Ll ° PC ?^ the , alert «e_ log of monitored compute 12 and seodTa nJssagc to 
thread of the mortaring and tracking agent of PIG. 3; monitoring and tracking listener 18 with the infoxZioo 

FIG. 8 illustrates a flow chart of the operation of the is regarding the alert 

logging thread of the monitoring and tracking agent of FIG. Monitoring ^ ttackmg ag eat 16 ^tors operating 

system events on monitored computer 12. Each time a new 

FIG. 9 illustrates a flow chart of the operation of the event is placed in the operating system event log (the 

monitoring and tracking listener application of FIG. 4; and WINDOWS NT event log in this embodunent), moiiitoring 

HG. 10 illustrates a flow chart of the operation of the 20 and tracking agent 16 processes the event If the user of 

statistics gathering thread of the monitoring and tracking monitoring and tracking agent 16 has indicated that this type 

listener application of HG. 4. of event has a high enough priority to monitor directly, then 

________ ____ moiiitoring and tracking agent 16 sends a message with the 

DETAILED DESOTff - ON OF THE event ix_on_tion to monitoring and tracking listener 18. 

INYfcmTON 25 Low priority events are filtered out and ignored. 

The preferred embodiment of the present invention and its Monitoring and tracking agent 16 may also be used to 

advantages are best understood by referring to FIGS. 1—10 monitor configuration changes for rnonitored computer 12. 

of the drawings, like numerals being used for like and Each time that monitoring and tracking agent 16 is started, 

corresponding parts of the various drawings. it analyzes the current system configuration of monitored 

FIG. 1 illustrates a computer network 10 that employs the computer 12 to determine whether any changes have been 

performance monitoring method and system of the present made since the prior time that monitoring and tracking agent 

invention. Computer network It comprises a plurality of 16 was started. If changes have been made, these changes 

monitored computers 12 networked to a nuniber of moni- are sent to nwnitoring and tracking listener 18 so that 

toring computers 14. Although this embodiment has two 35 monitoring computer 14 may keep track of the most current 

monitored computers 12 and two monitcring computers 14, configuration of monitored computer 12. 

other embodiments of the invention may have either a Monitoring and tracking listener 18 will normally be run 

different number of monitored computers 12 or monitoring as an operating system service on xronitoring computer 14. 

computers 14. Ordinarily, the monitored computers 12 will l_ this eiobodiment, monitoring and tracking listener 18 

be seryer computers but could be any type of computer. ^ roir^mses a W^ 

Computer network 10 may comprise any type of computer computer 14. Monitoring and tra cking listener 18 receives 

network such as a local area network or wide area network. messages and data from monitoring and tracking agent 16. 

Monitoring and tracking agent 16, which comprises a Monitoring and tracking listener 18 also dispatches data and 

program that is run by monitored computer 12, monitors the messages to one or more plug-in listener extensions 20. 

performance of monitored computer 12. Monitoring and 45 Listener extensions 20 may then direct some or all of the 

tracking agent 16 sends performance data to monitoring and data to databases, a central console, or simple text files, 

tracking listener 18, which is a program running on moni- Monitoring and tracking listener 18 could also perform some 

toring computer 14. Monitoring and tracking listener 18 of these functions itself rather than handling these functions 

may, in turn, forward the data obtained from nwmtoring and using listener extensions 20. 

tracking agent 16 to one or more listener extensions 20, 50 FIG. 2 illustrates a general purpose computer 24 that may 

which comprise programs running on rjKHUtoring computer be used for either monitored computer 12, monitoring com- 

14. puter 14, or both. Computer 24 may be adapted to execute 

Although the structure and operation of monitoring and any of the well known MSDOS, PCDOS, OS2, UNIX, 

tracking agent 16 and monitoring and tracking listener 18 MOTIF, MAC-OS, X-WINDOWS, and WINDOWS oper- 

will be described in more detail below, a brief overview of 55 ating systems, or other operating systems. Computer 24 

the operation of each will now be given. Monitoring and comprises processor 26, random access memory (RAM) 28, 

tracking agent 16 will normally run as an operating system read only memory (ROM), 30, mouse, 32, keyboard 34 and 

service on monitored computer 12. In this emrxxUmeot iiroutfoutput devices such as printer 38, disk drives 36, 

momtoring and tracking agent 16 is a WINDOWS NT display 40 and cconmunications link 42. The present invea- 

service. Monitoring and tracking agent 16 may perform 60 tion includes computer software that may be stored in RAM 

several functions related to performance monitoring of 28, ROM 30, or disk drives 36 and is executed by processor 

monitored computer 12. Monitoring and tracking agent 16 26. Communications link 42 is connected to computer 

monitors .the performance of monitored computer 12 over network 10, but could also be connected to a telephone line, 

time and captures performance data reflecting one or more an antenna, a gateway, or any other type of communications 

aspects of the performance of monitored computer 12. At 65 link. Disk drives 36 may include a variety of types of storage 

preset intervals, it stores the data in a log file and notifies media such as, for example, floppy disk drives, hard disk 

monitoring and tracking listener 18 that it has new data. drives, CD-ROM drives, or magnetic tape drives. 
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FIG. 3 Illustrates a block diagram of an embodiment of page file, the total virtual memory size, and the available 
monitoring and tracking agent 16 constructed in accordance virtual memory size Configuration procedure 44 may also 
with the invention. Monitoring and tracking agent 16 is obtain configuration information regarding the services and 
preferably a multi-threaded application mat can efficiently drivers available on the system. Examples of the configu- 
process performance data. The structure of monitoring and 5 ration information about each service or driver include the 
tracking agent 16 illustrated in FIG. 3 is only one of many name of the service or driver, its status, the service type, the 
possible structures and other structures could be used to start-up configuration, the full path name of the executable 
perform the functions of the invention. In addition, moni- image, the file size, the file date, the version number, the 
toring and tracking agent 16 need not be a multi-threaded location of the raw version, and the location of the ASCII 
application. 10 version. 

Monitoring and tracking agent 16 comprises configura- j^g capture thread 46 Is used to monitor events occurring 
tion procedure 44, log capture thread 46, alert thread 48, on monitored computer 12. Log capture thread 46 processes 
logging thread SO, event transport thread 54, configuration eac j 1 ^eat received by an event log associated with oper- 
qucue thread 47, performance data procedure 58 and con- system 64. In this embodiment, the event log is the 

nection manager thread 62. Monitoring and tracking agent 15 windows NT event log. Log capture thread 46 monitors 
16 communicates with operating system 64. Operating sys- me event log for new events. If a new event is posted to the 
tern 64 comprises the operating system for monitored com- event log ^ log capture thread 46 will process that event 
puter 12. In addition, monitoring and tracking agent 16 c ^ urc thrcnd 4* p^^ a filtering feature when 

maintains event queue 52, performance data file 56 and U ^ event is filtered out, log capture 

ejection ust^ 20 Sread 46 ignores that event If an event was not filled out 

tracking agent 16 will be more fully described in connection *™ generates a message indicating 

witoHGS.^below,a^ SaTan^Kas ^urred^erein the menage include! 
component is now provided. ^ about me OTCnt ^ capt^ thread 46 places the 

ConfiguratioD procedure 44 is invoked by a mam thread m e m queue 52. The message will eventually be 
(not explicitly shown), which handles initialization as well 25 forw ^led to monitoring and tracking listener 18. 
as configuration change reporting. When n^mtonng and embooiment operating system 64 has multiple 

tracking agent 16 is started, configuration procedure 44 ^ ™ monltSrlog capture thread 46. Each 

^system configuration mfonnaUon^ch as urforma- ™ |ff c^JS to ~ In monitored 

tion about the operating system, hardware, software, 6 ^VTT 7 4 . \^ , , . . 

nLary, logical dfcks. syste^ environment, services and 30 " T 

Z,»7tall devices of momtored computer 12. This iden^on Dumber ideotfymg parted events. Log cap- 
Sot^doD can be used to track coofiguratiTchanges such *™ *read 46 may fUter event, based upon the event log in 
as software updates and hardware upgrades for monitored appearOhe source of toe event, fteevent 

, * aa ^« identification number. Filters can include or exclude specific 

computer 12. Conftgurabon ^^"J™**^*?. „ event identification numbers, event sources, 01 evenUogs. 
figurahon queue thread 4 7J?£^*"i™^ " 35 Filtering is hierarchical in this embodiment: event identifi- 
obtains the configuration information from operating system ****** s 

64. In this embodiment, configuration procedure 44 obtains wtio "^ ev ^?^^^ ™tZ log ?f A 
ttVe ^^^Z^^from uTwd^WS NT nuy be used to indicate whether to include or exclude events 
reis^Kintained by operating system 64. Configura- with a specific identification number, source, or event log. 
tion procedure 44 compares the obtained configuration 40 Alert thread 48 monitors various performance counters 
information with prior configuration information that con- reflecting the performance of monitored computer 12, cal- 
figuration procedure 44 maintains in a file (not explicitly culates performance values for those counters and compares 
shown). If the configuration information is unchanged, con- those values to predetermined thresholds. If the comparison 
figuration procedure 44 simply terminates. If the configu- indicates that the performance of monitored computer 12 has 
ration information has changed, configuration procedure 44 45 reached an alertable level, then alert thread 48 gcoerates an 
generates a message for monitoring and tracking listener 18 alert Alerts generated by alert thread 48 comprise a message 
containing the configuration information. Configuration pro- identifying the message as an alert and including data about 
cedure 44 places this message in configuration changes the alert. Alert thread 48 places such alert messages in event 
queue 45. Configuration queue thread 47 reads configuration queue 52. 

changes out of configuration changes queue 45 and sends to 50 Alert thread 48 obtains performance Information about 
listeners appearing on connection list 60 as described below. monitored computer 12 using counters maintained by oper- 
Examples of configuration information that may be ating system 64. Each counter reflects one aspect of the 
obtained by configuration procedure 44 regarding the oper- performance of monitored computer 12. In this embodiment, 
ating system include the date of installation, me registered the counters comprise WINDOWS NT performance 
owner, the registered organization, the current version, the 55 counters maintained by the WINDOWS NT operating sys- 
system root directory, the current version of operating tern. Alert thread 48 monitors these counters at an adjustable 
system, the product type, the build number of the operating time interval which is determined by the user of monitoring 
system, and various start-up options of the operating system. and tracking agent 16. After the passage of each interval of 
Examples of configuration information that configuration time, alert thread 48 captures the values of toe performance 
procedure 44 may obtain regarding the hardware include the 60 counters, calculates performance values based upon the 
OEM ID, toe system BIOS date, toe page file size for virtual counters, and compares the performance values to predeter- 
mcmory, the ™inimiim application address, the maximum mined threshold values determined by the user of monitor- 
application address, the processor type, and number of ing and tracking agent 16. A performance value might be the 
processors. Examples of configuration information that con- value of a performance counter itself. The user of monitor- 
figuration procedure 44 may obtain regarding the memory 65 ing and tracking agent 16 may associate various levels of 
include the current load, the total physical memory, the performance of a particular performance value with different 
available physical memory, the total page file, the available levels of alerts such as harmless, medium severity, or 
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critical The transmission of an alert indicates that the requests. In this emLxxiiment, if the number of work item 

performance of monitored computer 12 has reached an shortages is greater than 30, an alert is generated. 

alertaWe level. Alert thread 48 also monitors the number of times an 

Alert thread 48 may monitor many different performance internal server error was detected. Under normal circum- 

counters. For example, alert thread 48 may monitor the 5 stances server errors should not occur. Unexpected errors 

percentage of tree space remaining on each logical disk usually indicate a problem with the operating system and 

as sociated with monitored computer 12. In mis enibodirnent, can result in an operating system halt Monitoring of this 

an alert is generated when the percentage of free space is less f^ 0 ™^ ^»»*» ^f^* nt^ork administrator 

than five ascent. This alert raovidcsT warning £at a work to a ? tlon *» J* <* operating system of 

uou i« WU u iud «oi jwriua wanuui; UU u a wua monitored computer 12. In this embodiment if the number of 

station or server logical drive is becoming full and could 10 c%fC *_ ^^J^T^TL-h* ^„^TTiZr^ " , 

- . . „ ./ - system errors exceeds ten, then an alert is generated, 

prevent users from saving data and/or cause performance T . ^ . „ . . , r 

aggradation. Logging thread 50 handles logging of performance data. 

Z ... . . A AQ y ^ Logging thread 50 logs performance data each predeter- 

Ia this emtodiment, alert thread 48 also monitors the mined time interval. The r^termined time interval may be 

percentage of ^ t that a processor is busy executing a set by the user of monitoring and tracking agent 16 and may 

non-idle thread This performance data could be viewed or may not be the same as the interval over which alert 

a measure of the percentage of time that the processor of thread 48 monitors performance for purposes of generating 

monitored computer 12 spends doing useful work. Each ^crts. After the passage of the predetermined time interval, 

processor of monitored cornputer 12 is assigned an idle logging tbltaA 50 obtains the values of performance 

thread in the idle process whic^ processor counters from operating system 64. Frcm uiis data, logging 

cycles. This alert may identify sustained high processor 20 thread 50 may calculate performance values based upoTthe 

utilization which may indicate that a process is running camUt%m Some of the counters may also comprise perfor- 

m^aoperly or mat the processor is Broaching capacity. In vaiues ^bout further calculation. Logging thread 50 

this embodiment, an alert is generated if the percentage of 5torea me performance data with a time stamp 

time thai , a processor is busy executing a non-idle thread ^ identification in r*rformance data file 56. Performance date 

exceeds 85 percent We 56 is a file tot inny be stc^ on me aisk drives 36 

Alert thread 48, in this embodiment also monitors the rate 0 f monitored computer 12. After obtaining the performance 

at which the operating system switches between threads. data and storing it in performance data file 56. logging 

Thread switches can occur either inside a single process or thread 50 causes data to be placed in connection list 60 

across multiple processes. A thread switch is caused either ^ indicating the date and time at which the performance data 

by another thread requesting processor time or by a higher was captured. If this time and date is later than an existing 

priority thread preempting the current thread. Excessive entry, than the existing entry is maintained, 

context switches between threads may indicate that the In this embodiment, logging thread 50 monitors a number 

operating system of monitored computer 12 is overburdened c f performance values. The user of monitoring and tracking 

or causing performance degradation. In mis embodiment, an 3J 16 choose which performance values to monitor 

alert is generated if the number of context switches per ^ may disable the monitoring of others. In this example, 

second exceeds 2,000. performance values monitored by logging thread 50 include 

Alert thread 48, in mis embodiment, also monitors the the available bytes of memory, the cache bytes available, the 

percentage of free space available in each paging file. As the committed bytes, the number of page faults per second, the 

percentage of free space decreases, this performance value ^ number of cache faults per second, the peak number of cache 

may indicate that the operating system is approaching the bytes, the number of pages per second, the size of the paged 

limits of its virtual memory. If the paging files arc full, the bytes pod, and the size of the non-paged bytes pooL 

operating system of monitored computer 12 may halt. Moni- Logging thread 50 also monitors performance data relating 

toring of this performance value may allow a command to to the operating system of monitored computer 12. 

monitored computer 12 to increase the size of its paging file 45 R x ampl re of such performance values include the percent- 

to accommodate the operating system demands. In this age of total operating system privilege time, the percentage 

embodiment, if the paging files are over 80 percent full, an of total processing time, the percentage of total user time, the 

alert is generated. number of context switches per second, the number of file 

Alert thread 48 also monitors the amount of physical control bytes per second, the number of file control opera- 
memory available to the operating system. If a process so tions per second, the number of file data operations per 
running on monitored computer 12 requires more RAM than second, the number of file read bytes per second, the number 
is available, the operating system must swap another process of file read operations per second, the number of file write 
out to the paging files to free memory, which may slow bytes per second, the number of file write operations per 
system performance. As the availability of physical memory second, the number of system calls per second, the total 
shrinks, the operating system must swap more processes in 33 number of interrupts per second, and the system up time, 
and out of memory and performance may degrade. Moni- Logging thread 50 also monitors performance data relat- 
toring of this performance data may allow a message to be ing to the physical disks of monitored computer 12. 
sent to monitored computer 12 to cease executing extrane- Examples of performance values monitored by logging 
ous processes. In this embodiment, an alert is generated if agent 50 include the percentage of time devoted to disk 
the available physical memory falls below one megabyte, go access, the percentage of time devoted to disk reads, and the 

Alert thread 48 also monitors the number of times that the percentage of time devoted to disk writes. Similar counters 

operating system is not able to assign a work item to service may be monitored for each logical disk and the percentage 

a request If a process is not assigned a work item, it will not of free space on each logical disk may also be monitored, 

be serviced by the operating system and must wait before The percentage usage of the paging file may also be moni- 

proceeding. Monitoring of this performance data may allow 65 tored by logging thread 50. 

a message to be sent to monitored computer 12 to tune the Several performance values may also be monitored which 

operating system to provide more work items to service are known as server parameters. Logging thread 50 monitors 
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the number of work item shortages, the number of server manager thread 62 maintains a list of all monitoring corn- 
sessions, the number of pool non-paged failures, the number puters 14 to which monitoring and tracking agent 16 will 
of pool paged failures, and the number of system errors. report data. The list includes both primary and secondary 
Other performance values may be monitored without depart- monitoring computers 14. Connection manager thread 62 
ing from the scope of the invention. 5 maintains the status of each monitoring computer 14 as 
Because performance data is considered lower priority being either on-line or off-line. The status of each monitor- 
man event alert, and configuration data, the invention ing computer 14 is stored in connection list 60. Connection 
employs a mechanism such that monitoring and tracking i^t 60 comprises a file that may be stored on a disk drive 56 
listener 18 retrieves the performance data from performance 0 f monitored computer 12. Connection list 60 may also be 
data file 56 when it is not performing higher priority l0 rtored u me ram 28 of monitored computer 12. 
functions. In fcis embodiment ^*£ring ^ tracking CoQDectioil ^ ^ 62 determines whether a 
agent 16 and monitoring ano^acking l^tener "wakma computer^ is on-line or off-line by generating 

push-pull configuration wherein monitoring and tracking & , ^ u . A . . l?^. 1l4S 

agent 16 notifielStener 18 that new performance data is ^P^T ^ T^*™ ^%Jtt 

available (push), and monitoring and tracking listener 18 ^ tener 18 of that momtonng computer 14. If the ap^opnate 

retrieves the performance data when it has completed higher 15 response is received, then connection manager thread 62 

priority tasks (pull). If the agent has new performance data records the status of that monitoring computer as being 

and the listener has not yet responded to a previous on-line. If no response is received, then connection manager 

notification, the agent in this embodiment will not send thread 62 records the status of that monitoring computer 14 

another notification. In this embodiment, a date and time as being off-line. 

stamp is sent with each notification so subsequent notifies 20 y/h CQ m event, alert or configuration data is to be sent, 

tions are not sent Monitoring and tracking listener 18 ^^5^ thread 54 consults connection list 60. If a 

collects all outstanding data when it responds to a request by primary s itc cannot be reached, event transport thread 54 

collecting all data placed in performance data file 56 having ^ to ^ message and/or data to one or more 

a date and time stamp equal to or after the date and time secondary ata associated with that primary site. If at least 

stamp in the notification received from monitoring and * ODe seC ondary site can be reached, then the message is sent 

tracking agent 16. . A , to that secondary site. If a secondary site cannot be reached. 

The notification by monitoring and tracking agent 16 that ^ mfi ^ ^ remalo k CTeBt ueue 52 undi a 

perfonr^nce data is available connection to either the primary or secondary monitoring 

^ C W^ 18 7n I ^"s^L^^v^mt computer 14 can be established. Note that multiple primary 

agent list procedure 70. Dispatcher thread 54 retrieves me ^ , ^ , A . . . . , - * ^51. ,1* 

rass^fr™ event q^^ monitoring c<mpol«s 14 inay be to^natcd for a parttcular 

™c ! > ! > a 8 cl "" u T! _7 . rmZ ♦ , monitoring and tracking agent 16. Thus, monitored com- 

call over the network uang 12 my report alert to nmldple locations. This feature 

list procedure of monitoring and ^^g^^ iLY^ e of the invention^ particularly Useful in large computer 

moni tonne and tracking listener IS desires to obtain the m , r , , . * A * rv.^_ 

Sformance data from monitoring and tracking agent 16, it 33 networks wtee network adnumstrators may be monitoring 

^emesaremoter*oce4i^ network performance at various locations, 

data procedure 58 of monitoring and tracking agent 16. When monitoring and tracking agent 16 has new perfor- 

Perf ormance data procedure 58 obtains the performance data mance data to send, it will consult connection list 60 only for 

from performance data file 56 and returns the data to the list of primary monitoring computers 14. If a particular 

momtoring and tracking listener 18. Performance data file 40 primary monitoring computer 14 cannot be contacted, die 

56 may be stored and/or sent over the network in com- notification will remain in connection list 60 until that 

pressed form. particular primary monitoring computer 14 is available. 

Event queue 52 is a file that may be stored onadiskdrive FIG. 4 illustrates an embodiment of monitoring and 
36 of monitored computer 12. Event queue 52 obtains tracking listener 18 constructed in accordance with the 
messages intended to be sent to monitoring and tracking 45 invention. The structure of monitoring and tracking listener 
listener 18. Event transport thread 54 handles the sending of 18 is only one example of how monitoring and tracking 
messages in event queue 52 to the appropriate monitoring listener 18 could be structured to perform the methods of the 
and tracking listener 18. Event queue 52 may comprise a invention. In addMoa. monitoring and tracking listener 18 is 
single queue or a plurality of queues associated with the a multi-threaded application but need not be a multi- 
various threads of monitoring and tracking agent 16. Event 50 threaded application. 

transport thread 54 passes the messages to monitoring and Monitoring and tracking listener 18 comprises configu- 

tracking listener 18 by generating appropriate remote pro- ration rnx>cedure 66, event procedure 68, agent list procedure 

cedure calls over computer network 10 using a TCP/TP 70, statistics gathering thread 76, and event queue thread 74. 

protocol. In addition, monitoring and tracking listener 18 maintains 

The invention allows messages and data to be sent to one 55 extension agent event queue file 72, extension list 75, and 

or more monitoring computers 14. A monitoring computer agent list 78. Monitoring and tracking listener 18 also is 

14 may be classified as a primary or secondary site. In mis coupled to one or more listener extensions 20. In this 

embodiment, monitoring and tracking agent 16 sends all embodiment, monitoring and tracking listener 18 is coupled 

events, log data, and configuration data to a primary moni- to ASCII extension agent 80, SQL database extension agent 

taring computer 14. Monitoring and tracking agent 16 will 60 82, and console extension agent 84. The operation of moni- 

send events and configuration data to secondary monitoring toring and tracking listener 18 is described in more detail in 

computers 14 if a primary monitoring computer 14 is not connection with FIGS. 9 and 10 below but the operation of 

available. In this embodiment, however, performance data components of monitoring and tracking listener 18 will now 

that was logged using logging thread 50 is queued until the be partially described. Configuration procedure 66 receives 

primary monitoring computer 14 is available. 65 remote procedure calls from one or more monitoring and 

The use of multiple monitoring computers 14 is accom- tracking agents 16. Configuration procedure 66 receives 

plished using connection manager thread 62. Connection remote procedure calls which are messages containing con- 
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figuration data regarding the configuration of a monitored SQL database extension agent 82 receives the data from 
computer 12. Configuration procedure 66 processes the event queue thread 74, statistics gathering thread 76, and 
message and forwards the configuration data to each listener configuration procedure 66 and stores the data in an SQL 
extension 20. database, which also could be stored on flie disk drive 36 of 

Event procedure 68 receives remote procedure calls from j monitoring computer 14 or at a remote location. Storing the 
one or more monitoring and tracking agents 16 which are data in an SQL database allows further processing by any 
messages regarding event or alerts detected by monitoring open database connectivity (ODBC) compliant database 
and tracking agent 16. Event procedure 68 processes the software u*uu«»c 
events and alerts and forwards the data regarding each event „ ' 

or alert to event queue file 72. Agent list procedure 78 ,„ £ _ Console « ttnslon *&™t 84 processes the data obtained 
maintains a list of all monitored computers 12 for which the ^ ev f nt a - ueue mread 74 ' statistics g*hering *read 76, 
monitoring computer 14 running monitoring and tracking ? d co J nfl 8 uratlon F«*dure 66 and forwards some or all of 
listener 18 is a primary monitoring computer 14. Agent list ,h * t0 8 nc 1 twork monitoring console. In this 
procedure 70 maintains the list as agent list 78 which may cmboduncat - console extension *• forwards events and 
be stored in the RAM 28 of monitoring computer 14 or on „ eata ^ x cons ? le such 85 **t mailable from 

a disk drive 36 of monitoring confer 14?Agent list 78 Y enta P^ c console comprises an event correlator 

contains an indication as to whether each monitored com- *f kcs = vcats . &om network management systems and 

puter 12 has performance data to be logged by monitoring combines them in a common format Console extension 
and tracking listener 18 as well as a time stamp indicating ageEt 84 ^ cues CVCDts o^ SCDdsa & mc « «° »<= enterprise 
me time and date of the oldest perfcirnaiK*daUo^ „, console. The events may be sent to the enterprise console 

that agent that has not been retrieved by monitoring and over computer network 10 using communications link 42 of 
tracking listener 18 monitoring computer 14. Alternatively, communications 

Agent list procedure 70 receives notifications frommoni- J^** TL^*,?™* * * C I 

toring and tracking agent 16 along with the time and date ~t ™Z£ S^„^„ . , £ 

stamp associated wim the notification indicating that a „ cy^to multiple monUonng consoles The events may be 
particular monitored computer 12 has rKiforrZ* data **** ^""f 016 extension 84 * ucfa mat only the 
available to be logged. AgeVt list procedure then u^dtta mc«t impc^ events are forwarded to tte «,terprise con- 
«™. ii^ -r« «fif^ - ZTTJ .77 vTT . sole. Any type of monitorine console could be used without 

agem list 78. When monUonng and trackjng listener 18 is the scope of the invention, 

not busy (ie. there are free processor cycles to service the *^ 6 ^ 

statistics gathering thread), then statistics gathering thread 30 * embodiment, event queue file 72 comprises a 
76 will obtain performance data fox each agent in the agent sia 8 le < l ueue ' Event q ueue thread 74, statistics gathering 
list 78 that has a pending notification that performance data thrcad 76 ' 6114 configuration procedure 66 seek to send data 
is available. Statistics gathering thread 76 will obtain the t0 ^ various listener extensions at a constant rate, 
performance data by generating a remote procedure call to Sometimes, one of these threads may have to wait for an 
performance date procedure 58 of monitoring and tracking 35 cxtcnsion 85 mc various extensions may process data at 
agent 16. Statistics gathering thread 76 will obtain all &Sercnt ratcs - Each listener extension 20 may maintain its 
performance data that has been logged by the corresponding OWD 9 ucac of to compensate for a variance in process- 
monitoring and tracking agent 16 since the time and date speed. 

stamp associated with that agent in agent list 78. After FIG. 5 illustrates a flow chart of the general operation of 
statistics gathering thread 76 has obtame4 me performance 40 monitoring and tracking agent 16. The process begins in step 
data, it passes each instance of the performance data to each w * m initializati on. In step 88, configuration procedure 44 

of the listener extensions 20. determines whether the configuration of the monitored corn- 

Event queue thread 74 dispatches the messages and data puk*" 12 has changed- If so, then the changes are recorded in 
received by monitoring and tracking listener 18 to one or stc P W and a message is placed in configuration changes 
more listener extensions 20 coupled to monitoring and 45 <J ueue Following step 88, if the configuration was not 
tracking listener 18. Event queue thread obtains a list of changed, or following step 90 if the configuration was 
extensions from extension list 75. Extension list 75 keeps a changed, the procedure continues at step 92 where event 
dynamic list of available listener extensions 20 and event transport thread 54 waits for messages to appear in event 
queue thread 74, statistics gathering thread 76, and conflgu- queue 52. When a message appears in event queue 52, event 
ration procedure 66 all send data to the extensions on the list 50 trans P ort thread 54 processes the message in step 94. 
In this embodiment, listener extensions 20 comprise Following the initial processing of the message from 
dynamic link library procedures, This feature of the inven- event queue 52, event transport thread 54 accesses connec- 
tion allows monitoring and tracking listener 18 to be modu- tion list 60 in step 96 to determine whether a primary site is 
larized. When a network adininistrator desires additional available or not If so, then the proper message is sent to the 
functionality to process data received by monitoring and 35 monitoring and tracking listener 18 of that primary site in 
tracking listener 18, the network administrator can simply step 98. Event transport thread 54 generates the proper 
create another listener extension 20 and cause the data remote procedure call to the monitoring and tracking listener 
received by monitoring and tracking listener 18 to be sent to 18 and sends the data as described above. Then, in step 100, 
that listener extension. In this ernbodiment, event queue it is determined whether there are other primary sites 
thread 74 dispatches data and messages in event queue file 60 defined. If so, then the process continues in step 96. If not, 
72 to each of the listener extensions 20. then the process continues in step 92, where event transport 

ASCII extension agent 80 comprises a procedure that thread 54 waits for another message to appear in the queue, 
takes the data obtained from event queue thread 74, statistics If a primary site was not available in step 96, then in step 
gathering thread 76, and configuration procedure 66 and 102 it is determined whether a secondary site is available, 
writes the data to a text file. The text file may be stored on 65 Event transport thread 54 determines whether a secondary 
the disk drive 36 of monitoring computer 14 or may be site is available by accessing connection list 60. If no 
stored at a remote location. secondary site is available, then the message is returned to 
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the queue in step 106 with a notation that the message could 
not be sent to the particular primary and secondary sites. The 
process then continues in step 100. 

If any defined secondary site was available in step 102, 
then Che procedure continues in step 104. Event transport 
thread 54 makes the appropriate remote procedure calls to 
all available secondary sites for the primary site that was not 
available in step 96. In this embodiment, only one secondary 
site need be available to avoid returning a message to the 
queue. Thus, in step 104. event transport thread 54 makes the 
appropriate remote procedure calls to all available secondary 
sites for the unavailable primary site. Following step 104 the 
process continues in step 100 where it is determined whether 
any other primary sites are defined. 

FIG. 6 illustrates a flow chart describing the operation of 
an embodiment of log capture thread 46. The process begins 
in step 108 with initialization of log capture thread 46. In 
step 110, log capture thread 46 waits for an event to appear 
in the event log of operating system 64. When an event is 
received, the process continues in step 112. Log capture 
thread 46 filters the event to determine whether it should be 
forwarded or not In step 114, it is determined whether the 
event should be forwarded or not to monitoring and tracking 
listener 18. If not then the process continues in step 110 with 
log capture thread 46 waiting for another event If the event 
is to be forwarded, then in step 116 an appropriate message 
is generated and placed in event queue 52. Log capture 
thread 46 continues this process unto monitoring and track- 
ing agent 16 's execution is terminated. 

FIG. 7 illustrates a flow chart describing the operation of 
one embodiment of alert thread 48. The process begins at 
step 118 with initialization of alert thread 48. In step 120, an 
interval timer is set to a predefined interval denned by the 
user of monitoring and tracking agent 16. Then* in step 122. 
alert thread 48 waits for the expiration of the interval timer. 
When the interval timer expires, alert thread 48 retrieves 
performance counters maintained by operating system 64 
and computes performance values based upon those perfor- 
mance counters. In step 126, alert thread 48 determines 
whether any performance value has reached an alertable 
point when compared to a predetermined threshold If not 
then the process continues in step 120 with the interval timer 
being reset If a value has reached an alertable level, men in 
step 128 alert thread 48 generates an alert event and sends 
it to the local event log maintained by operating system 64. 
Then, in step 130, alert thread 48 generates an appropriate 
message regarding the alert and places it in event queue 52 
To avoid sending alerts out twice, log capture thread 46 
automatically filters out any alert events that were placed in 
the local event log of operating system 64. 

FIG. 8 illustrates a flow chart of the operation of an 
embodiment of logging thread 50. The process begins at step 
132 with initialization of logging thread 50. In step 134, 
logging thread 50 sets an interval timer to a predetermined 
interval as defined by the user of monitoring and tracking 
agent 16. This interval may or may not be the same interval 
used by alert thread 48. Next in step 136, logging thread 50 
waits for the expiration of the interval timer. When the 
interval timer expires* logging thread 50 retrieves perfor- 
mance counters from operating system 64 and computes 
performance values based upon those performance counters 
in step 138. Then, in step 140, the performance values that 
were computed and any performance counters that the user 
of monitoring and tracking agent 16 is configured to record 
are stored in a local log file in step 142. Next, in step 142, 
a message that the data has been logged along with date and 
time stamp information is sent to the connection list 60 by 
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performance data procedure 58. If a previous date and time 
stamp remains in connection list 60, then, in this 
embodiment, the previous date and time stamp remains 
unchanged and the listener is not notified a second time. 

5 Alternatively, the listener could be notified multiple times. If 
no previous date and time stamp is present, then the listener 
is notified that performance data is available by connection 
manager thread 62 The process then repeats itself by 
resetting the interval timer in step 134. 

10 FIG. 9 illustrates a flow chart generally describing the 
operation of an embodiment of monitoring and tracking 
listener 18. The process begins in step 144 with initializa- 
tion. Then, In step 146, event queue thread 74 waits far a 
message to appear in event queue file 72. The messages 

15 placed In event queue file 72 are generated by event proce- 
dure 68. When a message appears, the process continues in 
step 148 as event queue thread 74 retrieves the message from 
event queue file 72. In step 150, event queue thread 74 
processes the message as necessary. Then, in step 152, event 

2Q queue thread 74 sends the data to the listener extensions 20. 
In this embodiment, event queue thread 74 sends the data to 
ASCII extension agent 80, SQL database extension agent 82, 
and console extension agent 84. Event queue thread 74 may 
maintain a queue of data to be sent to the listener extensions 

23 20. Event queue thread 74 may maintain a separate queue for 
each listener extension 20 or a single queue for all listener 
extensions 20. After the data for a message has been sent to 
the proper listener extension, the process continues in step 
146 where event queue thread 74 waits for another message 

30 to appear in event queue file 72. The process continues in 
this manner until the execution of monitoring and tracking 
listener 18 is tenninated. 

FIG. 10 illustrates a flow chart describing the operation of 
an embodiment of statistics gathering thread 76. Statistics 

35 gathering thread 76 monitors agent list 78 and, in mis 
example, performs the process Illustrated in FIG. 10 only 
when monitoring and tracking listener 18 does not have 
configuration data, events, or alerts to process. The process 
begins at step 154 with initialization of statistics gathering 

40 thread 76. In step 156, statistics gathering thread 76 accesses 
agent list 78 to determine whether any statistics are available 
from any monitoring and tracking agent 16. In step 158, 
statistics garnering thread 76 determines if such statistics are 
available. If not then statistics gathering thread 76 continues 

43 to monitor agent list 78 in step 156. When statistics are 
available, the process continues in step 160 where statistics 
gathering thread 76 makes a remote procedure call to the 
appropriate agent and obtains all performance statistics that 
the monitoring and tracking agent 16 has recorded since the 

50 date and time entry for that agent in agent list 78. After 
obtaining this data, the statistics that were obtained from the 
remote procedure call are packaged into a message and sent 
to the listener extensions 20 in step 162 These messages 
may be queued by the listener extensions 20. The process 

55 then continues in step 156. 

The processes illustrated in FIGS. 5-10 are only examples 
illustrating the operation of monitoring and tracking agent 
16 and monitoring and tracking listener 18. Other processes 
could be used without departing from the scope of the 

60 invention. The functions of monitoring and tracking 16 and 
monitoring and tracking listener 18 could also be performed 
by a computer software program having a different structure 
than the embodiments illustrated in FIGS. 3 and 4. Various 
steps could also be omitted or additional steps added to the 

6s processes illustrated in FIGS. 5 through 10. 

Although the present invention has been described in 
detail, it should be understood that various changes, 
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substitutions, and alterations can be made hereto without a dispatching program running on the second computer, 

departing from the spirit and scope of the invention as the dispatching program operable to receive the per- 

defined by the appended claims. formance data and pass the performance data to a first 

What is claimed is: extension agent, the first extension agent operable to 

1. A method for monitoring the performance of a first 5 process the performance data. 

computer coupled to a computer network, comprising; ^ The system of claim 8, wherein the first extension agent 

repeatedly obtaining performance data cornprising at least fJ^dZmS^ **** Pt0 ° e ^ """^ °° 

one performance value using the first computer, the u of ^ 8 , whcrcin mc fot cxtCtt5ion 

performance value comprising a measure of the per- agent is further operable to send the processed performance 

formance of the first computer; 1Q to a database. 

automatically sending the performance data from the first U. The system of claim 8, wherein the first extension 

computer over the computer network to a second agent is further operable to send the processed performance 

computer coupled to the computer network; ^IVL nK)Qhoring console. 

12. The system of claim 11, wherein the first extension 

receiving the performance data at the second computer, l5 agen t j s further operable to queue events contained in the 

aad processed performance data to a central monitoring console. 

passing the performance data to a first extension agent, the The system of claim 8, wherein the tracking program 

first extension agent operable to process the perfor- is further operable to obtain configuration data comprising 

mance data. information about the configuration of the first computer and 

2. The method of claim 1 wherein the first extension agent » ^^i** W " C ° m ** lta 
emprises a dynamic link library procedure running on the » T^s^ the tracking program 
second computer, _ is further operable to generate an alert indicating that the 

3. The method of claim 1 wherein the first extension agent performance of the first computer has reached a critical level 
is further operable to send the processed performance data to ^ automatically send the alert over the computer network 
a database. to the second computer. 

4. Trie method of claim 1 wherein the first extension agent ° 15. The system of claim 8, wherein the tracking program 
is further operable to send the processed performance data to is further operable to monitor events that occur in the first 
a central monitoring console. computer and are recorded by an operating system control- 

5. The method of claim 1, further comprising: ling the first computer, the tracking program further operable 
queueing the performance data received by the second t0 setta * ^ e events over the computer network to the second 

computer; and 30 computer. 

. . ^_ . — , . . ^_ 16. The system of claim 8, wherein the dispatching 

wherein the passing step ^ comprises posing the fa ^ e * ^ ^ 

queued performance data to the fast extension ageat f e ^ vcd ^ ^ con ^ to ^ ^ s ^ queued 

when the first extension agent is ready to receive the p^^^^ data to the first extension agent when the first 

performance data. 35 extension agent is ready to receive the performance data, 

6. The method of claim 1, further ccanprising: yj The system of claim 8, whcrcin the dispatching 
passing the performance data to a second extension agent, program is further operable to pass the performance data to 

the second extension agent operable to process the a second extension agent running on the second computer, 

performance data. the second extension agent operable to process the perfor- 

7. The method of claim 6, further cornprising: 40 mance data. 

queueing the performance data received by the second 18 - Thc system of claim 17, wherein the dispatching 

computer to a first queue and a second queue; program is further operable to queue the performance data 

... . . . _ . . received by the second computer to a first queue and a 

wherein the step of passing the performance data to the second que uc, pass the queued performance data in the first 

first extension agent further comprises passing the qucuc t0 mc ^ extension agent when the first extension 

queued performance data in the first queue to the first 45 agent is ready to receive the performance data, and pass the 

extension agent when the first extension agent is ready queued performance data in the second queue to the second 

to receive the performance data; and extension agent when the second extension agent is ready to 

wherein the step of passing the performance data to the receive the performance data, 

second extension agent further comprises passing the 19. A program for monitoring the performance of a first 

queued performance data in the second queue to the 50 computer coupled to a computer network, comprising: 

second extension agent when the second extension a computer readable storage medium; 

agent is ready to receive the performance data. a dispatching program stored on the storage medium, the 

8. A system for monitoring the performance of a first dispatching program operable to receive performance 
computer coupled to a computer network, comprising: data sent over the computer network by the first 

a first computer; 33 computer, the performance data repeatedly obtained by 

a second computer; the first computer and comprising a measure of the 

u^u , performance of the first computer, the dispatching 

3 W rZ£ C ° nnCCtmg ±C ^ 860011(1 program further operable to pasTthe performance data 

computer, to a first extension agent, the first extension agent 

a tracking program r unnin g on the first computer and 60 operable to process the performance data, 

operable to repeatedly obtain performance data com- 20. The program of claim 19, wherein the dispatching 

prising at least one performance value, the performance program is further operable to queue the performance data 

value comprising a measure of the performance of the received by the second computer and pass the queued 

first computer, the tracking program further operable to performance data to the first extension agent when the first 

automatically send the performance data from the first 65 extension agent is ready to receive the performance data. 



computer over the computer network to the second 
computer; and 
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ABSTRACT 



The present invention is a method and apparatus to display 
an image during a transition of an operating system in a 
computer system. An image having an image format com- 
patible with the operating system is obtained. Content of a 
system file corresponding to the transition of the operating 
system is created using the image in a system directory. 

45 Claims, 8 Drawing Sheets 
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DISPLAYING IMAGES DURING BOOT-UP 
AND SHUTDOWN 

BACKGROUND 

1. Field of the Invention 

This invention relates to graphics. In particular, the inven- 
tion relates to graphic display. 

2. Description of Related Art 

A typical process of loading an operating system (OS) 
from a basic input and output system (BIOS) takes some 
time to complete. During this time, typically the display 
screen displays an image as selected by the operating 
system. This image is fixed and is not changed by the OS. 
Similarly, when the system is shutdown, the OS goes 
through a shutdown sequence and displays images on the 
screen during the shutdown process. The boot-up and shut- 
down images as displayed by the OS are normally not useful 
to the user and merely contain routine messages. 

Since the time to boot up and shut down is sufficiently 
long for the system to display more informative images, it is 
desirable to be able to display images other than the standard 
logos of the operating system. 

Therefore there is a need in the technology to provide a 
simple and efficient method to display an image during a 
transition of the operating system. 

SUMMARY 

The present invention is a method and apparatus to 
display an image during a transition of an operating system 
in a computer system. An image having an image format 
compatible with the operating system is obtained. Content of 
a system file corresponding to the transition of the operating 
system is created using the image in a system directory. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The features and advantages of the present invention will 
become apparent from-the following detailed description of 
the present invention in which: 

FIG. 1 is a system block diagram of one embodiment of 
an information distribution system in which the apparatus 
and method of the invention is used. 

FIG. 2 illustrates an exemplary processor system or user 
computer system which implements embodiments of the 
present invention. 

FIG. 3 illustrates a logical diagram of one embodiment of 
the invention. 

FIG. 4 A and FIG. 4B illustrates one embodiment of a 
process flow chart provided in accordance with the prin- 
ciples of the invention. 

FIG. 5 is a diagram illustrating an architecture to display 
an image during a transition of the operating system accord- 
ing to one embodiment of the invention. 

FIG, 6 is a flowchart illustrating a process to display an 
image during a transition of the operating system according 
to one embodiment of the invention. 

FIG. 7 is a flowchart illustrating a process to display an 
image during a transition of the operating system according 
to another embodiment of the invention. 

DESCRIPTION 

The present invention is a method and apparatus to 
display an image during a transition of an operating system 
such as boot-up and shutdown. A boot-up graphic file 
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replaces a boot-up system file in a system directory. A 
shutdown graphic file replaces a shutdown system file in a 
system directory. The technique allows the display of images 
other than the standard images by the operating system. 

5 In the following description, for purposes of explanation, 
numerous details are set forth in order to provide a thorough 
understanding of the present invention. However, it will be 
apparent to one skilled in the art that these specific details 
arc not required in order to practice the present invention. In 

10 other instances, well known electrical structures and circuits 
are shown in block diagram form in order not to obscure the 
present invention. 

Definitions 

15 As discussed herein, a "computer system" is a product 
including circuitry capable of processing data. The computer 
system may include, but is not limited to, general purpose 
computer systems (e.g., server, laptop, desktop, palmtop, 
personal electronic devices, etc.), personal computers (PCs), 

20 hard copy equipment (e.g., printer, plotter, fax machine, 
etc.), banking equipment (e.g., an automated teller machine), 
and the like. An infomediary is a web site that provides 
information on behalf of producers of goods and services, 
supplying relevant information to businesses about products 

25 and/or services offered by suppliers and other businesses. 
Content refers to application programs, driver programs, 
utility programs, the payload, etc., and combinations 
thereof, as well as graphics, informational material (articles, 
stock quotes, etc.) and the like, either singly or in any 

30 combination. "Payload" refers to messages with graphics or 
informational material (such as, articles, stock quotes, etc.) 
and may include files or applications. In one embodiment, it 
is transferred at a predetermined time to the system's mass 
storage media. In addition, a "communication link" refers to 

35 the medium or channel of communication. The communi- 
cation link may include, but is not limited to, a telephone 
line, a modem connection, an Internet connection, an Inte- 
grated Services Digital Network ("ISDN") connection, an 
Asynchronous Transfer Mode (ATM) connection, a frame 

40 relay connection, an Ethernet connection, a coaxial 
connection, a fiber optic connection, satellite connections 
(e.g. Digital Satellite Services, etc.), wireless connections, 
radio frequency (RF) links, electromagnetic links, two way 

4s paging connections, etc., and combinations thereof. 

In addition, the loading of an operating system ("OS") 
refers to the initial placement of the operating system 
bootstrap loader. In one embodiment, during the OS load, a 
sector of information is typically loaded from a hard disk 

50 into the system memory. Alternatively, the bootstrap loader 
is loaded from a network into system memory. An OS "boot" 
refers to the execution of the bootstrap loader. This places 
the OS in control of the system. Some of the actions 
performed during the OS boot include system configuration, 

55 device detection, loading of drivers and user logins. OS 
runtime refers to the completion of the boot phase and the 
beginning of the execution of applications by the OS. In one 
embodiment, during OS runtime, the OS interacts with the 
user to execute and/or run applications. 

so Power On Self Test (POST) refers to the instructions that 
are executed to configure and test the system hardware prior 
to loading an OS. 

System Overview 

65 A description of an exemplary system, which incorporates 
embodiments of the present invention, is hereinafter 
described. 
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FIG. 1 shows a system block diagram of one embodiment alternate embodiment, this initial payload is copied to a 

of an information distribution system 10 in which the predetermined location (such as the system's hard disk) at a 

apparatus and method of the invention is used. The system predetermined time, such as when the system is being 

10 relates to providing an infomediary. It involves the manufactured, assembled and tested, or when the end user 

construction and maintenance of a secure and private reposi- 5 first activates the system. Once copied, the payload executes 

tory of Internet user and system profiles, collected primarily after POST but prior to operation of the OS, and may display 

from warranty service registrations, Internet service graphics, advertisements, animation, Joint Photographic 

registrations, system profiles, and user preferences. Initially, Experts Group (JPEG)/Moving Picture Experts Group 

this information is used to register the user with the manu- (MPEG) formatted material on the screen. When additional 

facturers of purchased hardware and software products, and 10 programs and/or payloads are delivered (via the Internet or 

with the providers of on-line or other services. Over time, other outside connection), the display screen may be used to 

the user data is used to create a user profile and notify users provide customized screens in the form of messages or 

of relevant software updates and upgrades, to encourage graphics prior to and during booting of the OS. In addition, 

on-line purchases of related products, and to enable one-to- executable programs delivered in the first software module, 

one customized marketing and other services. 15 as well as subsequent programs (such as the second software 

In one embodiment, two software modules are used to module) downloaded from the web site, may be used to 
implement various embodiments of the invention. One is survey the PC to determine various types of devices, drivers, 
resident on a user's system, and is used to access a prede- and applications installed. In one embodiment, as described 
termined web site. For example, in one embodiment, the in co-pending U.S. patent application Ser. No 09/336,289 , 
operating system and Basic Input and Output System 2 o entitled "Method and Apparatus for Automatically Installing 
(BIOS) are pre-installed on a computer system, and when And Configuring Software on a Computer" incorporated 
the computer system is subsequently first powered up, an herein by reference, the first software module is used to 
application, referred to for discussion purposes as the first identify and to automatically create shortcuts and/or book- 
software module (in one embodiment, the first software marks for the user. The programs downloaded from the 
module is the initial start-up application (ISUA), which will 2 s website ma Y include software that collects and maintains a 
be described in the following sections), will allow the user profile based on the user's preferences. Such informa- 
launching of one or more executable programs in the pre- tion may be provided to the infomediary, which subse- 
boot environment. In one embodiment, the first software quently forwards portions of the information and/or corn- 
module facilitates the launching of one or more executable piled data based on the information to suppliers and other 
programs prior to the loading, booting, execution and/or 30 businesses to obtain updates or revisions of information 
running of the OS. In one embodiment, the user is encour- provided by the suppliers and other businesses, 
aged to select the use of such a program (i.e., the use of the Referring to FIG. 1, the information distribution system 
first software module), and in alternative embodiments, the 10 comprises a service center 20 that is connected over one 
program is automatically launched. The program(s) con- or more communications links 30^30^ to one or more user 
tained in the first software module enables tools and utilities 35 computer systems 40^-40^ ("40"). The service center 20 
to run at an appropriate time, and with proper user includes one or more servers 22, one or more databases 24, 
authorization, also allow the user to download a second and one or more computers 26 1 -26 Af . The one or more 
software module that includes drivers, applications and computers 26 1 ~26 M are capable of simultaneous access by a 
additional payloads through the Internet connection on the plurality of the user computer systems 40 1 -40 A ,. If a plurality 
PC. The programs may also provide for remote management 40 of computers are used, then the computers 26 1 -26 Af may be 
of the system if the OS fails to launch successfully. connected by a local area network (LAN) or any other 

Once the second software module has been delivered, it similar connection technology. However, it is also possible 

may become memory resident, and may disable the trans- for the service center 20 to have other configurations. For 

ferred copy of the first software module. The original copy example, a smaller number of larger computers (i.e. a few 

of the first software module still residing in the system's 45 mainframe, mini, etc. computers) with a number of internal 

non-volatile memory remains idle until the second software programs or processes running on the larger computers 

module fails to function, becomes corrupted or is deleted, capable of establishing communications links to the user 

upon which a copy of the original first software module is computers. 

again transferred as described above. The second software The service center 20 may also be connected to a remote 
module may include an application that connects the user to 50 network 50 (e.g., the Internet) or a remote site (e.g., a 
a specific server on the Internet and directs the user to a satellite, which is not shown in FIG. 1), The remote network 
predetermined web site to seek authorization to down load 50 or remote site allows the service center 20 to provide a 
further subscription material. The second software module wider variety of computer software, content, etc. that could 
may also include content that is the same or similar to the be stored at the service center 20. The one or more databases 
content of the first software module. 55 24 connected to the service center computers), e.g., corn- 
In one embodiment, the system may also include an initial puter 26 lt are used to store database entries consisting of 
payload that is stored in Read Only Memory BIOS (ROM computer software available on the computers) 26. In one 
BIOS), In one embodiment, the initial payload is part of the embodiment, each user computer 40^0^ has its own 
first software module (e.g., the ISUA). In an alternative secure database (not shown), that is not accessible by any 
embodiment, the initial payload is stored as a module in 60 other computer. The communication links 30 A -30^ allow the 
ROM BIOS, separate from the first software module. In one one or more user computer systems 40 1 -40 JV to simulta- 
embodiment, the initial payload is launched from ROM neously connect to the computers) 26 1 -26 M . The connec- 
BIOS and displayed on the screen after the Power On Self tions are managed by the server 22. 
Test (POST) but prior to the booting, loading and/or execu- After a user computer system 40 establishes two-way 
tion of the OS. This may occur at a predetermined time, such 65 communications with the information service computer 26, 
as when the system is being manufactured, assembled and the content is sent to the user computer system 40 in a 
tested, or when the end user first activates the system. In an manner hereinafter described. The downloaded content 
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includes an application that surveys the user and/or the user 
computer system* s hardware and/or software to develop a 
user profile as well as a profile of the user's system. The 
information gathered from the user and/or user's computer 
system is subsequently provided to the service center 20, 
which provides additional content to the user computer 40 
based on the user and system profile. The database entries 
from the database connected to the service computer 26 
contain information about computer software, hardware, and 
third party services and products that are available to a user. 
Based on the user and/or system profile, the content is 
further sent to the user computer for display. The content 
may also include a summary of information such as the 
availability of patches and fixes for existing computer 
software, new versions of existing computer software, brand 
new computer software, new help files, etc. The content may 
further include information regarding availability of hard- 
ware and third party products and services that is of interest 
to the user. The user is then able to make one or more choices 
from the summary of available products and services, and 
request that the products be transferred from the service 
computer 26 to the user computer. Alternatively, the user 
may purchase the desired product or service from the 
summary of available products and services. 

FIG. 2 illustrates an exemplary computer system 100 that 
implements embodiments of the present invention. The 
computer system 100 illustrates one embodiment of user 
computer systems 40 1 -40 JV and/or computers 26^26^ (FIG, 
1), although other embodiments may be readily used. 

Referring to FIG. 2, the computer system 100 comprises 
a processor or a central processing unit (CPU) 104. The 
illustrated CPU 104 includes an Arithmetic Logic Unit 
(ALU) for performing computations, a collection of regis- 
ters for temporary storage of data and instructions, and a 
control unit for controlling operation for the system 100. In 
one embodiment, the CPU 104 includes any one of the x86, 
Pentium™, Pentium II™, and Pentium Pro™ microproces- 
sors as marketed by Intel™ Corporation, the K-6 micropro- 
cessor as marketed by AMD™, or the 6x86MX micropro- 
cessor as marketed by Cyrix™ Corp. Further examples 40 
include the Alpha™ processor as marketed by Digital 
Equipment Corporation™, the 680X0 processor as marketed 
by Motorola™; or the Power PC™ processor as marketed by 
IBM™. In addition, any of a variety of other processors, 
including those from Sun Microsystems, MIPS, IBM, 
Motorola, NEC, Cyrix, AMD, Nexgen and others may be 
used for implementing CPU 104. The CPU 104 is not 
limited to microprocessor but may take on other forms such 
as microcontrollers, digital signal processors, reduced 
instruction set computers (RISC), application specific inte- 
grated circuits, and the like. Although shown with one CPU 
104, computer system 100 may alternatively include mul- 
tiple processing units. 

The CPU 104 is coupled to a bus controller 112 by way 
of a CPU bus 108. The bus controller 112 includes a memory 
controller 116 integrated therein, though the memory con- 
troller 116 may be external to the bus controller 112. The 
memory controller 116 provides an interface for access by 
the CPU 104 or other devices to system memory 124 via 
memory bus 120. In one embodiment, the system memory 
124 includes synchronous dynamic random access memory 
(SDRAM). System memory 124 may optionally include any 
additional or alternative high speed memory device or 
memory circuitry. The bus controller 112 is coupled to a 
system bus 128 that may be a peripheral component inter- 
connect (PCI) bus, Industry Standard Architecture (ISA) 
bus, etc. Coupled to the system bus 128 are a graphics 



controller, a graphics engine or a video controller 132, a 
mass storage device 152, a communication interface device 
156, one or more input/output (I/O) devices 168^168^, and 
an expansion bus controller 172, The video controller 132 is 
coupled to a video memory 136 (e.g., 8 Megabytes) and 
video BIOS 140, all of which may be integrated onto a single 
card or device, as designated by numeral 144. The video 
memory 136 is used to contain display data for displaying 
information on the display screen 148, and the video BIOS 
140 includes code and video services for controlling the 
video controller 132. In another embodiment, the video 
controller 132 is coupled to the CPU 104 through an 
Advanced Graphics Port (AGP) bus. 

The mass storage device 152 includes (but is not limited 
to) a hard disk, floppy disk, CD-ROM, DVD-ROM, tape, 
high density floppy, high capacity removable media, low 
capacity removable media, solid state memory device, etc., 
and combinations thereof. The mass storage device 152 may 
include any other mass storage medium. The communica- 
tion interface device 156 includes a network card, a modem 
interface, etc. for accessing network 164 via communica- 
tions link 160. The I/O devices 168^168^ include a 
keyboard, mouse, audio/sound card, printer, and the like. 
The I/O devices 168 1 -168 JV may be a disk drive, such as a 
25 compact disk drive, a digital disk drive, a tape drive, a zip 
drive, a jazz drive, a digital video disk (DVD) drive, a solid 
state memory device, a magneto-optical disk drive, a high 
density floppy drive, a high capacity removable media drive, 
a low capacity media device, and/or any combination 
30 thereof. The expansion bus controller 172 is coupled to 
non-volatile memory 175 which includes system firmware 
176. The system firmware 176 includes system BIOS 82, 
which is for controlling, among other things, hardware 
devices in the computer system 100. The system firmware 
176 also includes ROM 180 and flash (or EEPROM) 184. 
The expansion bus controller 172 is also coupled to expan- 
sion memory 188 having RAM, ROM, and/or flash memory 
(not shown). The system 100 may additionally include a 
memory module 190 that is coupled to the bus controller 
112. In one embodiment, the memory module 190 comprises 
a ROM 192 and flash (or EEPROM) 194. 

As is familiar to those skilled in the art, the computer 
system 100 further includes an operating system (OS) and at 
least one application program, which in one embodiment, 
are loaded into system memory 124 from mass storage 
device 152 and launched after POST. The OS may include 
any type of OS including, but not limited or restricted to, 
DOS, Windows™ (e.g., Windows 95™, Windows 98™, 
Windows NT™), Unix, Linux, OS/2,OS/9, Xenix, etc. The 
operating system is a set of one or more programs which 
control the computer system's operation and the allocation 
of resources. The application program is a set of one or more 
software programs that performs a task desired by the user. 

In accordance with the practices of persons skilled in the 
art of computer programming, the present invention is 
described below with reference to symbolic representations 
of operations that are performed by computer system 100, 
unless indicated otherwise. Such operations are sometimes 
referred to as being computer-executed. It will be appreci- 
ated that operations that are symbolically represented 
include the manipulation by CPU 104 of electrical signals 
representing data bits and the maintenance of data bits at 
memory locations in system memory 124, as well as other 
processing of signals. The memory locations where data bits 
are maintained are physical locations that have particular 
electrical, magnetic, optical, or organic properties corre- 
sponding to the data bits. 
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When implemented in software, the elements of the transfer may include the transfer of the initial payload 88a 
present invention are essentially the code segments to per- to the mass storage device 152, subsequent to which the 
form the necessary tasks. The program or code segments can initial payload is delivered from the mass storage device 
be stored in a processor readable medium or transmitted by 152. Alternatively, the initial payload may be delivered from 
a computer data signal embodied in a carrier wave over a 5 the ROM. One embodiment of the system and process for 
transmission medium or communication link. The "proces- facilitating such a transfer is described in co-pending U.S. 
sor readable medium" may include any medium that can patent application Ser. No. 09/336,067 entitled "System and 
store or transfer information. Examples of the processor Method for Transferring an Application Program from Sys- 
readable medium include an electronic circuit, a semicon- tem Firmware to a Storage Device" filed on Jun. 18, 1999, 
ductor memory device, a ROM, a flash memory, an erasable 10 which is assigned to Phoenix Technologies, Ltd., the con- 
ROM (EROM), a floppy diskette, a CD-ROM, an optical tents of which are incorporated herein by reference. Alter- 
disk, a hard disk, a fiber optic medium, a radio frequency native embodiments of the system and process for facilitat- 
(RF) link, etc. The computer data signal may include any ing such a transfer are described in co-pending U.S. patent 
signal that can propagate over a transmission medium such application Ser. No. 09/272,859, entitled "Method and 
as electronic network channels, optical fibers, air, 15 Apparatus for Providing Memory-based Device Emulation" 
electromagnetic, RF links, etc. The code segments may be filed on Mar. 19, 1999, in co-pending U.S. patent 
downloaded via computer networks such as the Internet, Continuation-in-Part application Ser. No. 09/272,859, 
Intranet, etc, entitled "Method and Apparatus for Providing Memory - 

FIG. 3 illustrates a logical diagram of computer system Based Device Emulation" filed on Jun. 18, 1999, and in 

100. Referring to FIGS. 2 and 3, the system firmware 176 20 co-pending U.S. patent application Ser. No. 09/336,281, 

includes software modules and data that are loaded into entitled "System and Method for Inserting One or More 

system memory 124 during POST and subsequently Files Onto Mass Storage" filed Jun. 18, 1999, each of which 

executed by the processor 104. In one embodiment, the is assigned to Phoenix Technologies, Ltd., the assignee of 

system firmware 176 includes a system BIOS module 82 the present invention, the contents of each of which are 

having system BIOS handlers, hardware routines, etc., a 25 incorporated herein by reference. 

ROM application program interface (RAPI) module 84, an In one embodiment, the ISUA 86 is a computer software 
initial start-up application (ISUA) module 86, an initial executable program that will determine if there are pre in - 
payload 88, cryptographic keys 90, a cryptographic engine stalled programs that are resident on the end user's system. 
92, and a display engine 94. The aforementioned modules If so, it will identify those preinstalled programs and create 
and portions of system firmware 176 may be contained in 30 shortcuts (on the desktop in the case of a Windows operating 
ROM 180 and/or flash 184. Alternatively, the aforemen- system), or bookmarks, to allow the user to automatically 
tioned modules and portions of system firmware 176 may be launch the programs. In this embodiment, the executable 
contained in ROM 190 and/or flash 194. The RAPI 84 program is also capable of initiating and establishing two- 
provides a secure interface between ROM application pro- way communications with one or more applications on the 
grams and system BIOS 82. The RAPI 84, ISUA 86, and 35 server 22 and/or any one of the service computers 26 (FIG. 
initial payload 88a may each be separately developed and 1), as described below. Moreover, in one embodiment, 
stored in the system firmware 176 prior to initial use of the graphical content of the initial payload 88a is displayed by 
computer system 100. In one embodiment, the RAPI 84, display engine 94 on the user's display screen 148 during 
ISUA 86, and initial payload 88 each includes proprietary POST. Alternatively, the graphical content of the initial 
software developed by Phoenix Technologies, Ltd. One 40 payload 88a may be displayed after a subsequent booting 
embodiment of RAPI 84 is described in co-pending U.S. process. For example, as part of the user's profile as 
patent application Ser. No. 09,336,889 entitled "System and described below, the user may be asked if he or she would 
Method for Securely Utilizing Basic Input and Output like to obtain additional information regarding one or more 
System (BIOS) Services," filed on Jun. 18, 1999, assigned to products and/or services. If the user so desires, content 
Phoenix Technologies, Ltd., and which is incorporated 45 regarding the desired products and/or services will be dis- 
herein by reference. One embodiment of ISUA 86 is played during subsequent boot processes, 
described in co-pending U.S. patent application Ser. No. Once POST is completed, the OS is loaded, executed, and 
09/336,289 entitled "Method and Apparatus for Automati- initialized. Standard OS drivers and services are then loaded, 
cally Installing and Configuring Software on a Computer," The user is then prompted to enter registration information 
filed on Jun. 18, 1999, assigned to Phoenix Technologies, 50 including demographic information such as age, gender, 
Ltd., and which is incorporated herein by reference. hobbies, etc. In addition, the ISUA 86 is executed, and runs 
In one embodiment, as shown in FIGS. 3 and 4A and 4B, in the background, remaining idle until it detects a commu- 
after power is initially turned on to a new computer system nication link established between the computer system 100 
100, the system commences with POST procedures. During and a remote server (e.g., server 22 of FIG. 1) over Network 
the initial POST, the ISUA 86 is transferred to the mass 55 164 of FIG. 2 (e.g., over the Internet). In one embodiment, 
storage device 152, as shown by Al. In one embodiment, the ISUA 86 may search through the operating system to 
such a transfer is made during the manufacturing and/or determine if there are applications that have been pre-loaded 
assembly process, when the system 100 is first powered up and pre -installed onto the system. If so, the ISUA 86 may 
after the operating system has been installed (but prior to automatically provide short cuts and/or bookmarks for the 
loading and running the operating system). In an alternative 60 applications to launch into a predetermined server once the 
embodiment, such a transfer may be made after the manu- communication link is establish ed. This communication 
facturing and/or assembly process, after the user receives link can be established with a network protocol stack, (e.g. 
and powers up the system 100. In a further alternate TCP/IP) through sockets, or any other two-way communi- 
embodiment, during the transfer of the ISUA 86, additional cations technique known in the art. Once the communication 
programs, applications, drivers, data, graphics and other 65 link 30 is established, the ISUA 86 issues a request signal to 
information may also be transferred (for example, from the server 22 (as shown by A2) to download an initial 
ROM) to the mass storage device 152. For example, the content package 62 from a content module 60. Responsive 
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to the request, the server downloads the initial content ROM, the Windows™ logo file, which is displayed during 
package 62 (as shown by A3), which, in one embodiment, is boot-up and shutdown, may be altered or replaced. The 
stored in the mass storage device 152. In one embodiment, boot-up Windows display file is named LOGO.SYS and is 
the initial content 62 and subsequent content 64 may be usually located in the Windows directory. First the Win- 
developed separately, and each is encrypted and/or digitally 5 dows™ LOGO.SYS file is transferred from the Windows 
signed using encryption keys, prior to storing of the initial directory to another directory. Then, the content graphics file 
content 62 and subsequent content 64 on the server 22. is renamed as LOGO.SYS and is transferred to the Win- 
When the initial content 62 and/or subsequent content 64 dows™ directory. The operating system retrieves this file 
is/are subsequently downloaded into system 100, the crypto when the operating system is first launched, and hence the 
engine 92 will use keys 90 to decrypt the initial content 62 1Q content is displayed on the display screen. Windows™ 
and/or subsequent content 64. expects the LOGO.SYS file to be a bit-mapped file with 
As discussed earlier, the initial content package 62 may resolution 320x400 and 256 colors although Windows™ 
include applications 62a, drivers 626, and payloads 62c. In w ju i ater stre tch the resolution to 640x400 for displaying 
one embodiment, the applications 62a include a data loader purposes. Therefore, the content graphics file is to be the 
application and a profile manager application The data &ame graphics format (dually nam ed with the extension 

loa l«?!Pi ICaU ? n func ? lons 1 in{ } c , ™ me L ? r a S1 ?^\ man T r " BMP** before being renamed to LOGO.SYS). 

as ISU A 8 6, and once downloaded, disables and replaces the ~ . . . . . . . ' . . . , 

ISUA86. More specifically, the data loader application is a . ™ e ^operating system is then loaded executed and im- 
computer software program which is also capable of Uahzed ' ™ e ^ eratm J ; s y stem dnve " * and a PP hca / 
initiating, establishing, and terminating two-way communi- tl0ns are also loaded - n& P rafile manager is then executed, 
cations between the server 22 and the computer system 100. 20 When a link has been established with the predetermined 
The data loader application also provides trance control web Slte > additional content may be downloaded and sub- 
management between the server 22 and computer system sequently displayed. Such additional content are either pro- 
100, as well as other functions to facilitate communication vided arbitrarily or provided based on the information 
between the end user's system and the designated server, and obtained from a survey of the user or the user's system. In 
content downloading to the end user's system. 25 one embodiment, once the boot process is completed, a 
The profile manager obtains the user and system profiles portion of the display screen may be used to provide icons 
of the computer system 100 based on user preferences, or shortcuts that are used to access detailed information 
system hardware, and software installed at the computer regarding the previously displayed messages or advertise- 
system 100. Upon obtaining the user and system profile of ments. In a further embodiment, the messages or advertise- 
the computer system 100, the profile manager application 30 ments may again be displayed during the shut-down process, 
forwards the results to the data loader application, which for example, replacing the screen display that displays the 
subsequently provides the information to the server 22, message "Windows is shutting down" or "It is now safe to 
which matches the user indicted preferences with database turn off your computer" with other selected content. 
24 (FIG. 1). The results may be forwarded at predetermined DETAILED DESCRIPTION 
intervals or at the user's request. The server 22 then pro- 35 

cesses the user profile or demographic data and targets FIG. 5 is a diagram illustrating an architecture 500 to 

content to the users which have similar profiles. In addition, display an image during a transition of the operating system 

the user profile data of a plurality of users are compiled on according to one embodiment of the invention. The archi- 

the server 22 and aggregated to create an aggregate user lecture 500 includes a root directory 510, a system directory 

profile model. Content is then transmitted to user computer 40 520 > a temporary directory 530, system files 522, 524, and 

system's based on the user profile data and/or the aggregate 526, a boot-up graphic file 532, and a shutdown graphic file 

user profile model (as shown by A4). The subsequent 5 ^4. 

content 64 is downloaded and stored in system firmware The root directory 510 is typically the C:\ drive in the 

176, designated by numeral 886. In one embodiment, the mass storage where the operating system is located. The 

subsequent content 64 is stored in non-volatile memory such 45 system directory 520 is typically the directory that stores the 

as flash or EEPROM, with the loading of the subsequent operating system that is loaded into the system memory 

content being done by reflashing the ROM, as is well known when the BIOS boots up. In one embodiment, the operating 

by those skilled in the art. The subsequent content 64 may system is the WINDOWS operating system and the system 

also be stored as one or more files on mass storage device directory or folder has the name Windows. 

152 or may be used to modify the Windows™ system file 50 When the BIOS loads the Windows operating system, a 

(under the Windows™ environment). The profile collection input/output program is executed (IO.SYS which is the 

process is continued as long as the computer system 100 is historical name "input/output" known to people of the trade) 

activated. In one embodiment, content may be downloaded and the IO.SYS attempts to locate and load the system files 

after the user's profile is received and analyzed at the server in a default directory, e.g., root directory and Windows. The 

22. 55 LOGO.SYS system file 522 is used when the OS is booted 

When the computer system 100 is subsequently powered up. The LOGO.SYS typically contains a image file that 

up (see FIG. 4B), the system again performs POST. The displays the Windows start-up logo, 

content that was previously downloaded and stored in sys- When the system is shutdown, the Windows operating 

tern firmware 176, and subject to copyright issues being system retrieves the LOGOW.SYS system file 524 and the 

resolved, is then displayed, prior to loading and/or execution $q LOGOS.SYS system file 526, and displays the appropriate 

of the operating system. In the Windows™ environment, the logo images on the screen 148. The LOGOW.SYS system 

Windows™ logo, which is displayed during the initial file 524 typically contains the message "Please wait while 

loading of the operating system, is subsequently replaced by your computer shuts down". The LOGOS.SYS system file 

one or more screen that display the previously downloaded 526 typically contains the message "It is now safe to turn off 

content stored in system firmware 176. 55 your computer". 

In the case of storing the content as one or more files on The boot-up graphic file 532 is the file containing an 

the mass storage device 152, as opposed to reflashing the image that is to be displayed during the OS boot -up in place 
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of the LOGO. SYS system file 522. The shutdown graphic 
file 534 is the file containing an image that is to be displayed 
during the OS shuts down in place of the LOGOW.SYS 
system file 524 and the LOGOS.SYS system file 526. 

FIG. 6 is a flowchart illustrating a process 600 to display 
an image during a transition of the operating system accord- 
ing to one embodiment of the invention. 

Upon START, the process 600 creates a boot-up graphic 
file and a shutdown graphic file using a bitmap format 
(Block 610). Then the process 600 locates and retrieves the 
original LOGO.SYS, LOGOW.SYS and LOGOS.SYS sys- 
tem files from a system directory and saves them in a 
temporary directory under different extensions or names so 
that they can be used later (Block 620). 

Then the process renames the created boot-up and shut- 
down graphic files to LOGO.SYS for boot-up and LOGOW- 
.SYS or LOGOS.SYS for shut-down (Block 630). These 
renamed files are then transferred to the system directory 
where the original system files were located (Block 640). 
The process 600 is then terminated. 

In another embodiment, the image to be displayed during 
boot -up and shutdown can be captured from the graphics 
memory. The replacement of the Windows startup and 
shutdown screens has its application within the context of 
displaying useful information during the Windows OS star- 
tup and shutdown or subsequent startups and shutdowns on 
a PC. 

During the firmware initialization (e.g., BIOS POST), a 
graphics engine generates an image into the standard Video 
Graphics Adaptor (VGA) as soon the adapter hardware is 
initialized. The resolution used is 320x400 with 256 colors. 
The data used to generate the image is contained with the 
BIOS flash memory. This data is updated regularly by an 
external program from within the OS. 

After the BIOS has initialized the hardware of the hard 
drive, the graphical data (e.g., palette and bitmap 
information) is then stored onto the hard drive using code 
that supports the File Allocation Table (FAT) 16 file system 
format. This code is independent of the OS but offers the 
same functionality for writing to the hard drive as the OS. 
Before writing to the hard drive the code checks the com- 
patibility of the file system and the type of the OS. The 
location and name of the file in the file system where the 
graphical data is stored corresponds to the Windows LOGO- 
.SYS file. This file is also stored into the Windows boot 
directory. The exact path of the Windows directory is 
extracted from the MSDOS.SYS text file within the root 
directory of the boot drive. This file contains among other 
information the string "WinDir°" followed by a directory 
path. The filenames used under that directory are LOGOW- 
.SYS and LOGOS.SYS. 

In Windows95 the first file that is loaded after the boot- 
block of the hard drive is 10 .SYS. This file looks for some 
file system compression drivers before loading the Windows 
LOGO graphics file from the root directory of the boot drive. 
IO. SYS switches the VGA into graphics mode with a 
resolution of 320x400 and 256 colors. It then loads the 
logo.sys file that contains a standard Windows Bitmap 
image. When Windows95 shuts down it displays two other 
images that are found in the Windows directory under the 
names LOGOW.SYS and LOGOS.SYS. Windows displays 
these two images in sequence with no visible interruption 
between them. Having the same image stored in both files 
gives the impression of having a single image being dis- 
played. 
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The pseudo code for this process is as follows: 

1 . Call graphic engine to render data into the VGA card 
memory. 

2. Identify filesystem and OS on the harddrive. If unsup- 
5 ported types go to step 8. 

3. Call screen capture routine to extract image from VGA 
card and write the image into a temporary Windows 
Bitmap file. 

1Q 4. Locate LOGOW.SYS, and LOGOS.SYS on the file 
system. 

5. Copy the temporary Windows Bitmap file into LOGO- 
.SYS that is in the root directory of the boot drive. 

6. Copy the temporary Windows Bitmap file into 
15 LOGOW.SYS and LOGOS.SYS into the previously 

located directory. 

7. Delete the temporary BMP file 

8. Continue with the machine booting process (finish 
hardware initialization and load OS). 

20 Any error encountered during this process would cause 
the machine to proceed with the normal booting process in 
step 8. 

FIG. 7 is a flowchart illustrating a process 700 to display 
an image during a transition of the operating system accord- 

25 ing to one embodiment of the invention. 

Upon START, the process 700 renders graphic data on the 
graphics memory in the graphics controller or the video 
display adapter (Block 710), This rendering may be per- 
formed as part of a pre-boot graphics display activity, or as 

30 part of a normal graphics rendering process after the system 
boots up. The process 700 identifies the file system and the 
operating system on the hard drive (Block 715). Then the 
process 700 determines if the file system or the OS is 
supported by the technique (Block 720). If not, the process 

35 700 is terminated. 

If the file system or the OS is supported, the process 700 
extracts the image from the graphic memory (Block 725). 
This can be achieved by a number of techniques. One simple 
technique is to use a screen capture program to capture the 

40 graphics memory. Then the process 700 writes the extracted 
image into a temporary file having a format compatible with 
the operating system (e.g., bitmap) (Block 730). In one 
embodiment, the operating system is a Windows-compatible 
OS and the file format is a bitmap format with a resolution 

45 of 320x400. 

Next, the process 700 locates the system file(s) corre- 
sponding to the image or images displayed during the 
boot-up of shut-down (Block 735). For example, if the OS 
is a Window-compatible OS, the boot-up system file is 

50 LOGO.SYS, and the shut-down system files are LOGOW- 
.SYS and LOGOS.SYS. Then the process 700 copies the 
temporary bitmap file as created in block 730 to the system 
directory that stores the corresponding boot-up or shut-down 
system file (Block 740). Then the process 700 deletes the 

55 temporary file, if necessary (Block 745). Next, the process 
700 continues the booting process and loading of the oper- 
ating system (Block 750). Note that if this process is 
performed at times other than booting up, then activities in 
block 750 are normal activities of the system. Then the 

60 process 700 is terminated. 

Thus, the present invention is an efficient technique to 
display an image during a transition of the operating system. 
For boot-up, the LOGO.SYS system file is replaced by a 
boot-up graphic file. For shutdown, the LOGOS.SYS and/or 

65 LOGOW.SYS is replaced by a shutdown graphic file. The 
technique allows displaying images other than the logos 
from Windows. 
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While this invention has been described with reference to 
illustrative embodiments, this description is not intended to 
be construed in a limiting sense. Various modifications of the 
illustrative embodiments, as well as other embodiments of 
the invention, which are apparent to persons skilled in the art 
to which the invention pertains are deemed to lie within the 
spirit and scope of the invention. 

What is claimed is: 

1. A method to display an image during a transition of an 
operating system in a computer system, the method com- 
prising: 

obtaining the image having an image format compatible 

with the operating system; and, 
creating content of a system file using the image, the 

system file to be accessed during the transition of the 

operating system, said image to correspond to a user 

profile. 

2. The method of claim 1 further comprising: 
saving the system file in a directory. 

3. The method of claim 1 wherein the operating system is 
compatible with a Windows operating system. 

4. The method of claim 3 wherein the image format is a 
bitmap format. 

5. The method of claim 4 wherein the image has a 
resolution compatible with the operating system. 

6. The method of claim 1 wherein the transition is a 
boot -up sequence. 

7. The method of claim 6 wherein the system file is a 
LOGO.SYS file. 

8. The method of claim 1 wherein the transition is a 
shut-down sequence. 

9. The method of claim 8 wherein the system file is one 
of a LOGOW.SYS file and a LOGOS.SYS file. 

10. The method of claim 2 wherein the directory is located 
on a storage compatible with the operating system. 

11. A computer program product, comprising: 

a computer usable medium having computer program 
code embodied therein to display an image during a 
transition of an operating system in a computer system, 
the computer program product having: 

computer readable program code for obtaining an image 
having an image format compatible with the operating 
system; and 

computer readable program code for creating content of a 
system file using the image, the system file to be 
accessed during the transition of the operating system, 
said image to correspond to a user profile. 

12. The computer program product of claim 11 further 
comprising: 

computer readable program code for saving the system 
file in a directory. 

13. The computer program product of claim 11 wherein 
the operating system is compatible with a Windows oper- 
ating system. 

14. The computer program product of claim 13 wherein 
the image format is a bitmap format. 

15. The computer program product of claim 14 wherein 
the image has a resolution compatible with the operating 
system. 

16. The computer program product of claim 11 wherein 
the transition is a boot-up sequence. 

17. The computer program product of claim 16 wherein 
the system file is a LOGO.SYS file. 

18. The computer program product of claim 11 wherein 
the transition is a shut-down sequence. 

19. The computer program product of claim 18 wherein 
the system file is one of a LOGOW.SYS file and a LOG- 
OS.SYS file. 
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20. The computer program product of claim 12 wherein 
the directory is located on a storage compatible with the 
operating system. 

21. A computer data signal embodied in a carrier wave 
comprising: 

a graphic display code segment to display an image 
during a transition of an operating system in a computer 
system, the graphic display code segment comprising: 

an image obtaining code segment for obtaining an image 
having an image format compatible with the operating 
system; and 

a content creation code segment for creating content of a 
system file using the image, the system file to be 
accessed during the transition of the operating system, 
said image to correspond to a user profile. 

22. The computer data signal of claim 21 wherein the 
graphic display code segment further comprising: 

a save code segment for saving the system file in a 
directory. 

23. The computer data signal of claim 21 wherein the 
operating system is compatible with a Windows operating 
system. 

24. The computer data signal of claim 23 wherein the 
image format is a bitmap format. 

25. The computer data signal of claim 24 wherein the 
image has a resolution compatible with the operating sys- 
tem. 

26. The computer data signal of claim 21 wherein the 
transition is a boot-up sequence. 

27. The computer data signal of claim 26 wherein the 
system file is a LOGO.SYS file. 

28. The computer data signal of claim 21 wherein the 
transition is a shut-down sequence. 

29. The computer data signal of claim 28 wherein the 
system file is one of a LOGOW.SYS file and a LOGOS.SYS 
file. 

30. The computer data signal of claim 22 wherein the 
directory is located on a storage compatible with the oper- 
ating system. 

31. A system comprising; 
a processor; and 

a memory coupled to the processor, the memory contain- 
ing program code to display an image during a transi- 
tion of an operating system, the program code when 
executed by the processor causing the processor to: 

obtain the image having an image format compatible with 
the operating system, and 

create content of a system file using the image, the system 
file to be accessed during the transition of the operating 
system, said image to correspond to a user profile. 

32. The system of claim 31 wherein the program code 
when executed by the processor further causing the proces- 
sor to: 

save the system file in a directory. 

33. The system of claim 31 wherein the operating system 
is compatible with a Windows operating system. 

34. The system of claim 33 wherein the image format is 
a bitmap format. 

35. The system of claim 34 wherein the image has a 
resolution compatible with the operating system. 

36. The system of claim 31 wherein the transition is a 
boot-up sequence. 

37. The system of claim 36 wherein the system file is a 
LOGO.SYS file. 

38. The system of claim 31 wherein the transition is a 
shut-down sequence. 

39. The system of claim 38 wherein the system file is one 
of a LOGOW.SYS file and a LOGOS.SYS file. 
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40. The system of claim 32 wherein the directory is 
located on a storage compatible with the operating system. 

41. The method of claim 1, wherein said image corre- 
sponds to data stored in a BIOS memory. 

42. The method of claim 41, wherein said data is updated 5 
during execution of said operating system. 

43. The method of claim 1, wherein creating content of a 
system file comprises creating content of a system file 
during said transition using the image. 
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44. The method of claim 1 wherein creating content of a 
system file comprises creating content of a system file before 
said transition using the image. 

45. The method of claim 31, wherein said program code 
further causes said processor to generate said image corre- 
sponding to data stored in a BIOS memory, said image to be 
generated during the transition. 
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(57) ABSTRACT 

A computer system comprises a host computer having a 
memory array and a host microprocessor, and a disk drive 
having a drive microprocessor. The disk drive provides a 
secure boot load of the host computer by causing the host 
microprocessor to remain in an inactive state while a tem- 
plate for loading host computer memory is read by a drive 
microprocessor from a protected area of the disk and loaded 
into host memory via the host interface. The host computer 
may then be activated with a memory image source whose 
source is impervious to virus attack or inadvertent corrup- 
tion. A method is disclosed for creating and updating the 
secure template. The host interface may be an I/O interface 
or a memory referenced interface. 
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DISK DRIVE WHICH PROVIDES A SECURE 
BOOT OF A HOST COMPUTER SYSTEM 
FROM A PROTECTED AREA OF A DISK 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates to the field of secure boot loading 
of a computer system from a hard disk drive. In particular, 
the invention relates to a source for fast restoration of a 
complete operating image in computer system memory 
which is secure from attack by a virus or inadvertent 
corruption during operation of the computer. 

2. Description of the Prior Art and Related Information 
Most computer systems today take the form of a so-called 

"personal computer" or PC which has evolved into a ubiq- 
uitous tool applied in many forms. Examples include desk- 
top systems, servers, and "embedded" systems which incor- 
porate a PC as the engine for performing dedicated 
functions. Common to most of these systems is a host 
microprocessor and a disk drive. The host microprocessor 
executes program code, including operating system code 
and application program code, and reads or writes data in 
conjunction with code execution. The code and associated 
data is stored for execution in a volatile random access 
memory array. The disk drive provides non-volatile second- 
ary storage for the code and data. The extent of disk drive 
storage is orders of magnitude greater than the memory 
array, allowing numerous application programs, and poten- 
tially a plurality of operating systems, to reside on the disk 
drive for recall according to dynamic configurations of the 
machine. 

The memory array is initially loaded during a bootstrap 
(boot) loading process which begins with the host micro- 
processor executing a relatively small BIOS program stored 
in a ROM. The BIOS program reads a default area of the 
disk which stores a boot program, known as a boot record, 
and stores the program in the memory array. The host 
microprocessor then executes the boot program to load an 
operating system core which may then complete the process 
of establishing an operating image in memory. 

Unfortunately, the PC is susceptible to problems during 
this process. Computer viruses are rampant, many of which 
plant themselves in the boot record or in the operating 
system code on the disk so that they may be activated during 
operation of the machine. Other forms of computer viruses 
simply corrupt or destroy code on the disk which prevents 
the machine from booting up at all. Aside from virus attacks, 
it is possible that inadvertent corruption of disk data can 
prevent a proper boot of the computer system. This can be 
caused by user mistakes or by rogue applications which fail 
to abide by conventions or operating system safeguards. 

Many tactics have been employed to defend the data on 
the disk drive from virus attack. One method was to provide 
BIOS code which monitored disk drive write commands to 
look for attempted boot record modification. This and simi- 
lar BIOS -based methods depend on virus software employ- 
ing BIOS calls to access the disk and therefore may be 
ineffective when a virus bypasses BIOS. Another known 
method employs bus snooping hardware which monitors the 
I/O bus to trap disk write operations to protected areas. All 
these methods are prone to defeat because the host processor 
is required to access the data and may be controlled by a 
virus. 

In another aspect, it is known in the art to provide an 
abridged version of BIOS in ROM and use the ROM BIOS 



16,489 Bl 

2 

to load the full BIOS from the disk drive or some other 
alterable memory. Since the BIOS itself is susceptible to 
attack or corruption in these implementations, there have 
been efforts to provide protection. One such a system is 

5 disclosed in U.S. Pat. No. 5,022,077 to Bealkowski et al. 
Bealkowski discloses having the host processor send a 
command to the disk drive after a BIOS is loaded to 
establish a maximum block address. The BIOS code is 
stored on the disk at addresses which are higher than the 

io maximum block address and are therefore inaccessible until 
the maximum block address is reset. This method also 
presents the requirement that the host processor controls the 
protection scheme and the protection method can be easily 
defeated. 

15 A more complex BIOS protection scheme is disclosed in 
U.S. Pat. No. 5,844,986 to Davis. The Davis patent discloses 
a cryptographic coprocessor which acts as a gatekeeper to 
BIOS stored in a flash memory. The cryptographic copro- 
cessor responds to BIOS addresses presented by the host 

20 microprocessor during BIOS reads and requires decoding an 
encrypted code to process updates to the BIOS. The Davis 
patent provides a solution to BIOS security but adds cost 
from flash memory and an additional processor, and does not 
address potential contamination of operating system code. 

25 Further, Davis admits that an intruder can corrupt the code 
if the secret key is obtained. 

Yet another problem experienced by PC users is the time 
required to perform the boot load process. The operating 
system code on the disk drive is a complex arrangement of 

30 linked blocks which are loaded in many stages with con- 
siderable processing required. In addition, most complex 
operating systems require a previous orderly shut-down to 
achieve an efficient start-up. Unfortunately, the orderly 
shut-down is sometimes as lengthy as the boot process. One 

3 ^ known solution to the boot load delay, sometimes known as 
"resume from disk" or "hibernation," has been to store the 
system memory image in special partition on the disk drive. 
A subsequent start-up operation retrieves the image and 
resumes at the prior state of the machine. This solution is 

40 advantageous when starting the machine, but still presents a 
significant shut-down delay. Further, the image on disk is 
susceptible to virus attack or corruption as noted above. 
There is a continuing need, therefore, for a computer 

4S system boot process which is fast and secure from virus 
attack or inadvertent corruption. 

SUMMARY OF THE INVENTION 

This invention can be regarded as a computer system 

50 comprising a host computer, a disk drive, and means defin- 
ing a host interface between the host computer and the disk 
drive. The host computer comprises a host microprocessor 
having an inactive state and an active state. The host 
microprocessor has an input for receiving a state -control 

55 signal and while the state-control signal is asserted remains 
in the inactive state, and while the state-control signal is 
de-asserted remains in the active state. While in the active 
state, the host microprocessor executes host-executable code 
including operating system and application program code. 

so The host computer further comprises a memory array for 
storing the host-executable code and data, means coupled 
between the memory array and the host interface for reading 
from and writing to the memory array; and means respon- 
sive to a signal on the host interface for asserting and 

65 de-asserting the state-control signal. 

The disk drive comprises a disk having disk addresses for 
storing and retrieving data including data defining a host 
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computer memory image source, means for storing and 
retrieving drive-executable code including code defining a 
boot control program, and a drive microprocessor for 
executing the drive -executable code including the boot 
control program. 

The host computer memory image source is stored at disk 
addresses which are accessible by the drive microprocessor 
when executing the boot control program and which are 
protected from access by the host computer. The host 
computer memory image source further comprises an 
address pointer to establish an address in the memory array 
for storing at least a portion of the memory image source. 

The computer system further comprises means for trans- 
ferring the host computer memory image source to the 
memory array via the host interface while the drive micro- 
processor is executing the boot control program means 
controlled by the drive microprocessor for causing the 
state-control signal to be asserted. 

The invention may be used with a host interface which is 
either a memory referenced interface or an I/O interface. 

In another aspect, the invention may be viewed as a 
method for providing a secure boot load image in a computer 
system comprising a disk drive and a host computer. The 
method comprises the steps of providing a host memory 
image source; providing a protected area of the disk suffi- 
cient to store the host memory image source; providing an 
encrypted code; providing code executable in the disk drive 
to prevent access to the protected area by the host computer 
unless the protected area command and the encrypted code 
is sent to the disk drive by the host computer; transmitting 
the protected area command and the encrypted code to the 
disk drive; transmitting the host memory image source to the 
disk drive; and storing the host memory image source in the 
protected area. 

Preferably the encrypted code is derived from the disk 
drive serial number. The image source may be stored as a 
contiguous image or as a compressed image. 

In another aspect, the step of providing a host memory 
image source may include the steps of connecting to a 
remote distribution site; transmitting an identification code 
which uniquely identifies the computer system to the remote 
distribution site; downloading the host memory image 
source from the remote distribution site; and validating the 
host memory image source. 

In still another aspect, the invention can be summarized as 
a method for securely booting the aforementioned computer 
system. The method comprises the steps of asserting the 
state control signal; executing the boot control program with 
the drive microprocessor to retrieve a host memory image 
source from the disk drive; and while the boot control 
program is executed and the state-control signal is asserted, 
transferring the host memory image to the memory array. 

The foregoing and other features of the invention are 
described in detail below and set forth in the appended 
claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG, 1 is a prior art computer system with a BIOS ROM 
in the host computer and a conventional disk drive storing a 
boot record and an operating system. 

FIG. 2 is a computer system according to an embodiment 
of this invention employing a memory-referenced host inter- 
face between the disk drive and the host computer. 

FIG. 3 is a computer system according to another embodi- 
ment of this invention employing an I/O host interface 
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between the disk drive and the host computer, and providing 
a coprocessor on the host computer for cooperating with the 
disk drive microprocessor to cause the host microprocessor 
to be inactivated and a secure host memory image to be 
5 loaded into memory. 

FIG. 4 is block diagram of a test system which is suitable 
for loading the secure host memory image source onto the 
disk drive. 

FIG. 5 is a representation of the host memory image 
10 source stored on disk with an address pointer and the image 
template. 

FIG. 6 is a representation of the protocol for transmitting 
the host memory image over a host interface which is an I/O 
15 interface such as IDE or SCSI. 

FIG. 7 is a flow chart showing the method of the invention 
for initially providing a host memory image and storing it in 
a protected area of the disk drive, such as during manufac- 
turing of the disk drive. 
20 FIG. 8 is a flow chart showing an alternate embodiment 
of the method of the invention for accessing a remote site to 
provide an updated host memory image and store it in a 
protected area of the disk drive. 

FIG. 9 is a flow chart showing the method of the invention 
25 for providing a secure boot of a host computer from a 
protected area of the disk drive. 

DETAILED DESCRIPTION 

3Q FIG. 1 shows a prior art computer system 200 comprising 
a disk drive 224 and a host computer 230. A host interface 
226 is defined between host computer 230 and disk drive 
224 which is conventionally an IDE (sometimes known as 
ATA) or SCSI interface. Various forms of the IDE or SCSI 

35 interface, complying with particular specifications, are in 
use which provide different levels of performance and 
function. 

Disk drive 224 comprises a head disk assembly (HDA) 
202 and a set of controller integrated circuits 214 which may 

40 be integrated in various forms. HDA 202 comprises one or 
more rotating disks 203 (4 shown) mounted on a spindle 
motor and a moveable head stack assembly having head 
transducers for accessing data on the disks. The spindle 
motor and the head stack assembly are controlled by a 

45 motion control circuit 208 which provides current drivers 
and control logic. A channel 216 provides signal processing 
including encoding and decoding for data transferred to and 
from the head transducers. A formatter 218 provides block 
level digital processing of disk data and may include error 

50 correction and detection logic. A buffer 212 provides tem- 
porary storage of data being read from or written to the disk 
and may be implemented in form of a cache memory. A host 
interface 220 provides logic and drivers to respond to host 
interface 226. A drive microprocessor 210 executes code to 

55 control disk operations and manage a queue of commands 
from the host. A ROM 222 stores initialization code 
executed by drive microprocessor 210. 

Host Computer 230 comprises a host microprocessor 232, 
a BIOS ROM 238, a memory array 240, and a host interface 

so circuit 234 which drives and responds to host interface 226. 
Bus 236 connects host computer 232 to the aforementioned 
elements. In this simplified diagram, conventional compo- 
nents such as memory control logic or other peripheral 
devices are omitted, but are well known to those skilled in 

65 the art. 

During a boot load process, host microprocessor 232 
executes code in BIOS ROM 238 to access a boot record 204 
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on disk 203 and proceeds thereupon to load an operating 
system image in memory from operating system source 206 
stored on one or more disks 203. As previously indicated, 
boot record 204 and operating system source 206 are subject 
to contamination by a computer virus or inadvertent modi- 
fication, 

FIG, 2 illustrates a computer system 300 according to an 
embodiment of the invention comprising host computer 330 
and disk drive 324. Host computer 330 comprises host 
microprocessor 332, host local bus 336, memory controller 
339, memory array 340, Peripheral Component Interface 
(PCI) bridge 333, local PCI bus 331 and host interface 
control logic 334. Host microprocessor 332 has an active 
state when executing instructions, and an inactive state 
brought about by the assertion of a state -control signal such 
as a reset or hold signal, both well known in the art. In the 
inactive state, host microprocessor 332 is prevented from 
accessing memory array 340. Host microprocessor 332 is 
suitably a Pentium™ class microprocessor, although other 
microprocessor families may be used with equal advantage. 
Host interface logic 334 preferably comprises a memory 
based interface such as a PCI expansion bus coupled to disk 
drive 324 via host interface bus 326 and coupled to memory 
array 340 via PCI bridge 333 and memory controller 339. 
Other memory referenced interfaces including both serial 
and parallel types may be employed. The memory refer- 
enced interface between disk drive 324 and host computer 
330 enables disk drive 324 to load data into memory array 
340 via host interface 334, local PCI bus 331, PCI bridge 
333, and memory controller 339. 

Disk drive 324 comprises channel 316, formatter 318, 
motion control 308, buffer 312 and HDA 302, comprising 
disks 303. A drive microprocessor 310 executes a disk 
control program to initialize the disk drive. A portion of the 
storage capacity on disks 303 is partitioned to provide a 
protected area of disk addresses which are known to the disk 
control program, but are inaccessible to host computer 330. 
The protected area is sufficient to store an image source 304 
suitable to recreate a fully functional operating image in 
memory 340. When computer system 300 is initialized, such 
as following a power-up sequence, host interface controller 
320 asserts a state-control signal 337 which is translated in 
host interface 334 to assert internal state-control signal 335, 
thereby causing host microprocessor 332 to be maintained in 
an inactive state such as reset or hold. 

After state -control signal 337 is asserted, drive micropro- 
cessor 310, executing code in boot control ROM 322, reads 
a host memory image source 304 from the above-mentioned 
protected area of disk 303 and generates addresses and data 
therefrom for writing into memory array 340 via the pre- 
ferred PCI interface to host computer 330. Host interface 
controller 320 provides logic and buffering for interfacing 
between the host interface PCI bus 326 and drive micro- 
processor 310. When memory array 340 has been loaded 
with the operating image from host memory image source 
304, state-control signal 337 is de-asserted, thereby allowing 
host microprocessor 332 to resume an active state and begin 
executing the host-executable code stored in memory array 
340. 

In one embodiment, a portion of host memory image 
source 304 comprises a BIOS code set. To ensure the 
security of the BIOS code set, disk microprocessor 310 uses 
the memory referenced access path described above to store 
the BIOS code in a portion 342 of memory array 340, and 
writes to registers 345 in memory controller 339 to write- 
protect the portion 342 of memory array 340 from being 
overwritten. Preferably, one or more of the registers 345 
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stores a code which must be provided to memory controller 
339 in order to enable portion 342 to then be overwritten 
after the protection is established. 
The just described process provides an efficient and fully 

5 secure boot load of computer system 300. There is no 
requirement for code to be executed by host microprocessor 
332 during the restoration of an operating image in memory 
array 340. Consequently there is no requirement for a BIOS 
ROM in host computer 330 and overall no opportunity for 

10 a virus to contaminate the operating image stored on disk. 
The time required to restore the operating image may be 
significantly shorter than prior art boot loads or even resume 
from disk operations, because no intervening processing is 
necessary. 

15 Turning to FIG. 5, a diagram of one embodiment 504 of 
the host image source stored on disk is shown. An address 
pointer 506 provides a starting memory address location in 
memory array 340 to begin loading data. Following address 
pointer 506, a contiguous block of data 508 is provided 

20 representing the host memory image. Numerous embodi- 
ments of host image source 304 are possible within the scope 
of the invention including compressed images, non- 
contiguous images with interspersed address pointers and 
encrypted images. 

25 FIG. 3 shows an alternate embodiment of the invention 
where an I/O interface is used to connect a host computer 
and a disk drive. Computer system 400 comprises host 
computer 430 and HDA 424. In general, elements in FIG. 3 
are comparably numbered with FIGS. 1 and 2 (e.g. HDA's 

30 202,302,402) so that only those elements which are most 
relevant to the invention need be discussed. 

Host interface 426, supported by host interface controller 
420 within disk drive 424 and interface control logic 434 in 

35 host computer 430, is preferably an IDE interface. A SCSI 
or other standard I/O interface may alternatively be used. 
When the invention is used with an I/O interface instead of 
a memory referenced interface such as PCI, some interven- 
ing control logic must be employed to address memory array 

4Q 440. A boot load micro-controller 443 in host computer 430 
monitors signals from host interface logic 434 for a boot 
request from disk drive 424, typically following a power-up 
or system reset sequence. Upon recognizing that a boot load 
sequence is in progress, micro-controller 443 asserts state- 

45 control signal 435 to cause host microprocessor 432 to enter 
an inactive state. Subsequently, micro-controller 443 
receives boot load address and data information from disk 
drive 424 and writes the data into memory array 440 at the 
indicated addresses. Upon completion of the boot load, 

5Q state-control signal 435 is dc-asscrtcd by micro-controller 
443 and host microprocessor 432 returns to an active state 
and executes the program just loaded. 

In order to write protect a portion 442 of memory array 
440 comparable to the process discussed above for FIG. 2, 

55 microcontroller 443 receives register data from disk micro- 
processor 410 and writes the data into registers 445 in 
memory controller 439. 

FIG. 6 shows a sequence 600 of data which may be 
communicated by disk drive 424 to micro-controller 443 

60 during the boot load process. Sequence 600 comprises a 
request boot code 602 which is recognized by micro- 
controller 443 to assert state -control signal 435. Subse- 
quently a stream of address 604 and data words 606 may be 
transmitted to transmit the host memory image source to 

65 memory array 440. 

FIG. 9 summarizes the method of the invention 900 to 
perform a secure boot load of a computer system. In step 
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902, the state-control signal is asserted by the drive micro- 
processor to cause the host microprocessor to enter an 
inactive state. In step 904, the drive microprocessor executes 
a boot control program to retrieve the host memory image 
from disk. The method proceeds to step 906 where the drive 
microprocessor transfers the host memory image to the 
memory array. 

FIG. 4 shows a system 570 which is suitable for manu- 
facturing disk drives with a pre-loaded host memory image 
source in a protected area of the disk. System 570 comprises 
a mainframe or central computer system 572, a plurality of 
disk drive test systems 580 (5 shown) and a plurality of disk 
drives 424 connected to the disk drive test systems via host 
interfaces 582. A network 576 provides a communication 
link between mainframe 572 and the plurality of disk drive 
test systems 580. In principle, manufacturing system 570 is 
similar to the system disclosed in commonly assigned pend- 
ing U.S. patent application Ser. No. 08/873,230, the disclo- 
sure of which is hereby incorporated by reference. Main- 
frame 572 maintains a copy of host operating image source 
404 in its internal storage bay and provides the copy to each 
test system 580 for transmittal to disk drives 424. Each disk 
drive 424 is assigned a bar coded serial number upon its 
introduction to test system 580 and thus is able to form an 
unique encrypted code which is preferably derived from its 25 
serial number. Since the drive serial number and the algo- 
rithm used for generating the encrypted code are known to 
the test system 580, the drive can be induced to accept a 
write operation to its protected area. The algorithm may also 
take into account other parameters known only to system 
570 and the disk drive, and these other parameters may be 
employed later in the disk drive's life to enable an update of 
the host memory image source after leaving the factory. 
System 570 provides for a record of the encrypted code for 
this use, and further provides sufficient capacity for simul- 35 
taneously manufacturing numerous versions of disk drives 
or disk drive based systems with various unique host 
memory image source files. 

FIG, 7 illustrates a preferred method 700 of the invention 
for providing the host memory image source to the disk 40 
drive and storing it thereupon. In step 702 a host memory 
image is provided as discussed above. In step 704, the disk 
drive provides a protected area sufficient to store the host 
memory image source. In step 706, the drive is provided 
with code executable in the disk drive to prevent access to 45 
the protected area unless an enabling command and code 
sequence is received. In step 708 the disk drive serial 
number is obtained. In step 710, an encrypted code which is 
at least partially derived from the disk drive serial number is 
computed. In step 712, a command to write in the protected 50 
area is transmitted to the disk drive. In step 714, the 
encrypted code is transmitted to the disk drive. In step 716, 
the host memory image source is transmitted to the disk 
drive. Finally in step 718, the host memory image source is 
stored in the disk protected area, having been enabled by 55 
transmitting the special command and the encrypted code. 
Preferably an additional algorithm is employed which in 
which the host memory image source includes some form of 
self- verification which may be appending syndrome or CRC 
bytes or other methods which ensure that the image is valid, so 

FIG. 8 shows an alternate embodiment 800 of the method 
step of providing a host memory image source which may be 
applied to update the image after the drive has been installed 
in a user's computer system. In step 804, the computer 
system is connected a remote distribution site such as the 65 
manufacturer's Internet web site. In step 806, the computer 
system transmits an ID code to the remote distribution site. 



In step 808, the host memory image source is downloaded. 
In step 810, the image is validated by the disk drive. If the 
image is not valid, the process is aborted at step 814, 
otherwise a valid image is stored in the protected area at step 
812. 
We claim: 

1. A computer system comprising: 
a host computer; 

a disk drive; 

means defining a host interface between the host com- 
puter and the disk drive; 
the host computer comprising: 

a host microprocessor having an inactive state and an 
active state, the host microprocessor having an input 
for receiving a state-control signal and while the 
state -control signal is asserted remaining in the inac- 
tive state, and while the state-control signal is 
de-asserted remaining in the active state and therein 
executing host-executable code including operating 
system and application program code; 
a memory array for storing the host-executable code 
and data; 

means coupled between the memory array and the host 
interface for reading from and writing to the memory 
array; 

means responsive to a signal on the host interface for 
asserting and de-asserting the state-control signal; 
the disk drive comprising: 

a disk having disk addresses for storing and retrieving 
data including data defining a host computer 
memory image source; 

means for storing and retrieving drive -executable code 
including code defining a boot control program; 

a drive microprocessor for executing the drive- 
executable code including the boot control program; 

the host computer memory image source being stored 
at disk addresses which are accessible by the drive 
microprocessor when executing the boot control 
program and which are protected from access by the 
host computer; 

the host computer memory image source further com- 
prising an address pointer to establish an address in 
the memory array for storing at least a portion of the 
memory image source; 

means for transferring the host computer memory 
image source to the memory array via the host 
interface while the drive microprocessor is executing 
the boot control program; and 
means controlled by the drive microprocessor for causing 

the state -control signal to be asserted. 

2. The computer system of claim 1 wherein the host 
interface is a memory-referenced interface. 

3. The computer system of claim 2 wherein the memory- 
referenced interface is a PCI bus. 

4. The computer system of claim 2 wherein the means for 
transferring the host computer memory image source com- 
prises bus mastering circuits. 

5. The computer system of claim 1 wherein the host 
interface is an I/O interface. 

6. The computer system of claim 5 wherein the means 
coupled between the memory array and the host interface 
comprises a boot load microcontroller which is operable 
while the state-control line is asserted. 

7. The computer system of claim 6 further comprising a 
means for the boot load microprocessor to detect a boot 
request sequence on the host interface. 
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8. A method for securely booting a computer system 
comprising a disk drive and a host computer, the host 
computer being coupled to the disk drive via a host interface; 
the disk drive comprising a drive microprocessor, a boot 
control program executable by the drive microprocessor and 
a means for causing a state-control signal to be asserted; the 
host computer further comprising a memory array and a host 
microprocessor, the method comprising: 

asserting the state-control signal from the disk drive to 
hold the host microprocessor in an inactive state 
wherein the host microprocessor is prevented from 
accessing the memory array when the state control 
signal is asserted; 

executing the boot control program with the drive micro- 
processor to retrieve a host memory image from the 
disk drive; and 

while the boot control program is executed and the 
state -control signal is asserted, transferring the host 
memory image to the memory array. 

9. The method of claim 8, further comprising: 

de -asserting the state-control signal from the disk drive to 
restore the host microprocessor to an active state 
wherein the host microprocessor is allowed to access 
the memory array when in an active state; and 

accessing the transferred host memory image from the 
memory array by the host microprocessor, 

10. The method of claim 9, wherein the host memory 
image is retrieved from an area of the disk drive protected 
from access by the host computer. 

U. The method of claim 8, 

wherein the disk drive further comprises a disk, 

wherein host memory image is retrieved from a protected 

area of the disk sufficient to store the host memory 

image, and 
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wherein a code executable in the disk drive prevents the 
host computer from accessing to the protected area 
unless a protected area command and a predetermined 
encrypted code are sent to the disk drive by the host 
computer. 

12. The method of claim 11, further comprising: 
transmitting the protected area command and the 

encrypted code to the disk drive to enable writing data 

in the protected area; 
transmitting the host memory image to the disk drive; and 
storing the host memory image in the protected area prior 

to the asserting. 

13. The method of claim 11, wherein the encrypted code 
is derived from a serial number of the disk drive. 

14. The method of claim 11, further comprising: 

compressing the host memory image prior to the storing 
wherein the host memory image stored in the protected 
area is the compressed host memory image. 

15. The method of claim 8, wherein the computer system 
is in communication with a remote distribution site and 
wherein the method further comprising: 

transmitting a unique identification code of the computer 
system to the remote distribution site; 

receiving the host memory image from the remote distri- 
bution site; and 

validating the received host memory image. 

16. The method of claim IS, wherein the remote distri- 
bution site is in communication with the computer system 
via the Internet. 
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